Author Topic: TheSurvivalPodcast blog/forum are now HTTPS  (Read 1989 times)

Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17026
  • Karma: 379
  • #ImissAmerica
    • Journey to Greener Pastures
TheSurvivalPodcast blog/forum are now HTTPS
« on: December 12, 2017, 10:45:16 AM »
I've turned on HTTPS for the blog/forum and am now redirecting HTTP to HTTPS. You might see 'Security Errors' because some of the images are hard coded to be HTTP, we are working to fix  those.

Let us know if you have issues.

Online surfivor

  • Survival Veteran
  • ********
  • Posts: 6636
  • Karma: 85
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #1 on: December 12, 2017, 12:16:52 PM »

 Extra security ?

Offline Mr. Bill

  • Like a hot cocoa mojito
  • Administrator
  • Forum Veteran
  • *******
  • Posts: 13946
  • Karma: 1846
  • Trained Attack Sheepdog/Troll hunter
    • Website maintenance services by Mr. Bill
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #2 on: December 12, 2017, 12:44:57 PM »
Extra security ?

A little bit.  HTTPS just encrypts data as it travels between your computer and the TSP server.  So this at least adds a little protection for your password, if you're logging on via public Wi-Fi where somebody might be snooping on you.  But the server itself isn't any more secure than it was.

One problem we will not solve: your browser will give you a security warning for most pages, because any hotlinked images from other sites are likely to be HTTP instead of HTTPS.  This applies to many members' avatars, images in their signature lines, and images that they've linked in their posts.  There's no way to avoid this on a public forum, so these warnings will persist.  (I'm going to try to fix it at least for the forum homepage, where the admins have control over all the displayed images.)

Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17026
  • Karma: 379
  • #ImissAmerica
    • Journey to Greener Pastures
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #3 on: December 12, 2017, 02:13:58 PM »
A little bit.  HTTPS just encrypts data as it travels between your computer and the TSP server.  So this at least adds a little protection for your password, if you're logging on via public Wi-Fi where somebody might be snooping on you.  But the server itself isn't any more secure than it was.

this means that no one can run a scanner and read the text going to/from your computer and the server (besides the images that bill mentioned)

Offline Smurf Hunter

  • Survival Veteran
  • ********
  • Posts: 6996
  • Karma: 329
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #4 on: December 12, 2017, 02:47:27 PM »
As info, Google Chrome is saying the site is not complete secure.

When I inspect the page, all I find is the mix of HTTP and HTTPS.  The SSL certificate seems ok.


Quote
Mixed content
This page includes HTTP resources.
Reload the page to record requests for HTTP resources.

Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17026
  • Karma: 379
  • #ImissAmerica
    • Journey to Greener Pastures
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #5 on: December 12, 2017, 05:04:55 PM »
As info, Google Chrome is saying the site is not complete secure.

When I inspect the page, all I find is the mix of HTTP and HTTPS.  The SSL certificate seems ok.

the damn hard coded image paths are http....


Online iam4liberty

  • Survival Demonstrator
  • *******
  • Posts: 2380
  • Karma: 182
  • New TSP Forum member
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #6 on: December 12, 2017, 06:53:22 PM »
Thank you!  This is an important update.

Love for the mods incoming. 

Offline Alan Georges

  • Survival Demonstrator
  • *******
  • Posts: 4374
  • Karma: 205
  • Still trying to reason with hurricane season.
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #7 on: December 12, 2017, 07:19:00 PM »
Thank you!  This is an important update.

Love for the mods incoming.

Yes, definitely!  Thanks mods!

Offline FreeLancer

  • Global Moderator
  • Survival Veteran
  • ******
  • Posts: 5466
  • Karma: 746
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #8 on: December 12, 2017, 07:26:56 PM »
Not the mods, it's the admins that need thanking.

Online iam4liberty

  • Survival Demonstrator
  • *******
  • Posts: 2380
  • Karma: 182
  • New TSP Forum member
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #9 on: December 12, 2017, 07:45:48 PM »
Not the mods, it's the admins that need thanking.

We love both groups.  :)  But yes, thanks admins!

Offline Mr. Bill

  • Like a hot cocoa mojito
  • Administrator
  • Forum Veteran
  • *******
  • Posts: 13946
  • Karma: 1846
  • Trained Attack Sheepdog/Troll hunter
    • Website maintenance services by Mr. Bill
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #10 on: December 14, 2017, 07:52:14 PM »
Anybody having any problems since we made the switch?  (I mean other than the security warning.)

Seems like some of the "new post" indications aren't correct -- threads are being marked as having new posts when they don't.  But it's not happening all the time.  Has anyone else noticed this?

Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17026
  • Karma: 379
  • #ImissAmerica
    • Journey to Greener Pastures
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #11 on: December 15, 2017, 09:11:02 AM »
hmm... that is weird....

Online surfivor

  • Survival Veteran
  • ********
  • Posts: 6636
  • Karma: 85
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #12 on: December 15, 2017, 09:49:32 AM »
Anybody having any problems since we made the switch?  (I mean other than the security warning.)

Seems like some of the "new post" indications aren't correct -- threads are being marked as having new posts when they don't.  But it's not happening all the time.  Has anyone else noticed this?

which PHP forum framework/engine are you using ?

Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17026
  • Karma: 379
  • #ImissAmerica
    • Journey to Greener Pastures
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #13 on: December 15, 2017, 10:53:51 AM »
SMF.


Offline Bradbn4

  • Dedicated Contributor
  • ******
  • Posts: 1207
  • Karma: 38
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #15 on: December 15, 2017, 11:22:01 AM »
I did notice a few small "studders" where the browser was waiting for a secure tls.

Now this could because I run with the Nightly beta (alpha?) builds of Firefox.

Offline Mr. Bill

  • Like a hot cocoa mojito
  • Administrator
  • Forum Veteran
  • *******
  • Posts: 13946
  • Karma: 1846
  • Trained Attack Sheepdog/Troll hunter
    • Website maintenance services by Mr. Bill

Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17026
  • Karma: 379
  • #ImissAmerica
    • Journey to Greener Pastures
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #17 on: December 15, 2017, 12:33:38 PM »
This site in interesting for testing: https://www.whynopadlock.com/

Offline Mr. Bill

  • Like a hot cocoa mojito
  • Administrator
  • Forum Veteran
  • *******
  • Posts: 13946
  • Karma: 1846
  • Trained Attack Sheepdog/Troll hunter
    • Website maintenance services by Mr. Bill
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #18 on: December 19, 2017, 10:20:08 AM »
FYI: Jack was having problems editing his blog, so at the moment we are no longer forcing all connections to HTTPS.  You can still use HTTPS if you want -- take your pick:

http://thesurvivalpodcast.com/forum/index.php

https://thesurvivalpodcast.com/forum/index.php

Offline Stwood

  • Survival Demonstrator
  • *******
  • Posts: 2442
  • Karma: 59
  • Wut wuz dat Olie?
Re: TheSurvivalPodcast blog/forum are now HTTPS
« Reply #19 on: December 19, 2017, 04:16:36 PM »
Anybody having any problems since we made the switch?  (I mean other than the security warning.)



Nuttin honey. All's well here.  ;D