The Survival Podcast Forum

Site Suggestions, Support and Resources => ANNOUNCEMENTS => Topic started by: archer on December 12, 2017, 10:45:16 AM

Title: TheSurvivalPodcast blog/forum are now HTTPS
Post by: archer on December 12, 2017, 10:45:16 AM
I've turned on HTTPS for the blog/forum and am now redirecting HTTP to HTTPS. You might see 'Security Errors' because some of the images are hard coded to be HTTP, we are working to fix  those.

Let us know if you have issues.
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: surfivor on December 12, 2017, 12:16:52 PM

 Extra security ?
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: Mr. Bill on December 12, 2017, 12:44:57 PM
Extra security ?

A little bit.  HTTPS just encrypts data as it travels between your computer and the TSP server.  So this at least adds a little protection for your password, if you're logging on via public Wi-Fi where somebody might be snooping on you.  But the server itself isn't any more secure than it was.

One problem we will not solve: your browser will give you a security warning for most pages, because any hotlinked images from other sites are likely to be HTTP instead of HTTPS.  This applies to many members' avatars, images in their signature lines, and images that they've linked in their posts.  There's no way to avoid this on a public forum, so these warnings will persist.  (I'm going to try to fix it at least for the forum homepage, where the admins have control over all the displayed images.)
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: archer on December 12, 2017, 02:13:58 PM
A little bit.  HTTPS just encrypts data as it travels between your computer and the TSP server.  So this at least adds a little protection for your password, if you're logging on via public Wi-Fi where somebody might be snooping on you.  But the server itself isn't any more secure than it was.

this means that no one can run a scanner and read the text going to/from your computer and the server (besides the images that bill mentioned)
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: Smurf Hunter on December 12, 2017, 02:47:27 PM
As info, Google Chrome is saying the site is not complete secure.

When I inspect the page, all I find is the mix of HTTP and HTTPS.  The SSL certificate seems ok.


Quote
Mixed content
This page includes HTTP resources.
Reload the page to record requests for HTTP resources.
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: archer on December 12, 2017, 05:04:55 PM
As info, Google Chrome is saying the site is not complete secure.

When I inspect the page, all I find is the mix of HTTP and HTTPS.  The SSL certificate seems ok.

the damn hard coded image paths are http....

Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: iam4liberty on December 12, 2017, 06:53:22 PM
Thank you!  This is an important update.

Love for the mods incoming. 
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: Alan Georges on December 12, 2017, 07:19:00 PM
Thank you!  This is an important update.

Love for the mods incoming.

Yes, definitely!  Thanks mods!
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: FreeLancer on December 12, 2017, 07:26:56 PM
Not the mods, it's the admins that need thanking.
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: iam4liberty on December 12, 2017, 07:45:48 PM
Not the mods, it's the admins that need thanking.

We love both groups.  :)  But yes, thanks admins!
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: Mr. Bill on December 14, 2017, 07:52:14 PM
Anybody having any problems since we made the switch?  (I mean other than the security warning.)

Seems like some of the "new post" indications aren't correct -- threads are being marked as having new posts when they don't.  But it's not happening all the time.  Has anyone else noticed this?
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: archer on December 15, 2017, 09:11:02 AM
hmm... that is weird....
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: surfivor on December 15, 2017, 09:49:32 AM
Anybody having any problems since we made the switch?  (I mean other than the security warning.)

Seems like some of the "new post" indications aren't correct -- threads are being marked as having new posts when they don't.  But it's not happening all the time.  Has anyone else noticed this?

which PHP forum framework/engine are you using ?
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: archer on December 15, 2017, 10:53:51 AM
SMF.
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: surfivor on December 15, 2017, 11:17:33 AM
I'm not sure if any of this is interesting or not


https://www.simplemachines.org/community/index.php?topic=555034.0

https://www.simplemachines.org/community/index.php?topic=554539.0

https://www.simplemachines.org/community/index.php?topic=555680.0

https://www.google.com/search?q=site:simplemachines.org+https&rlz=1C1CHBF_enUS773US773&ei=6hA0WvT7NMrG_QbmqZ3gCw&start=10&sa=N&biw=1385&bih=638
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: Bradbn4 on December 15, 2017, 11:22:01 AM
I did notice a few small "studders" where the browser was waiting for a secure tls.

Now this could because I run with the Nightly beta (alpha?) builds of Firefox.
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: Mr. Bill on December 15, 2017, 11:45:31 AM
I'm not sure if any of this is interesting or not


https://www.simplemachines.org/community/index.php?topic=555034.0

https://www.simplemachines.org/community/index.php?topic=554539.0

https://www.simplemachines.org/community/index.php?topic=555680.0

https://www.google.com/search?q=site:simplemachines.org+https&rlz=1C1CHBF_enUS773US773&ei=6hA0WvT7NMrG_QbmqZ3gCw&start=10&sa=N&biw=1385&bih=638

Thanks, I hadn't gone looking for that info yet.  We're overdue here for a software update, so I'll try to get everything fixed at the same time.
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: archer on December 15, 2017, 12:33:38 PM
This site in interesting for testing: https://www.whynopadlock.com/
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: Mr. Bill on December 19, 2017, 10:20:08 AM
FYI: Jack was having problems editing his blog, so at the moment we are no longer forcing all connections to HTTPS.  You can still use HTTPS if you want -- take your pick:

http://thesurvivalpodcast.com/forum/index.php

https://thesurvivalpodcast.com/forum/index.php
Title: Re: TheSurvivalPodcast blog/forum are now HTTPS
Post by: Stwood on December 19, 2017, 04:16:36 PM
Anybody having any problems since we made the switch?  (I mean other than the security warning.)



Nuttin honey. All's well here.  ;D