Author Topic: TheSurvivalPodcast blog/forum are now HTTPS (Read 4021 times)

archer · « **on:** December 12, 2017, 10:45:16 AM »

I've turned on HTTPS for the blog/forum and am now redirecting HTTP to HTTPS. You might see 'Security Errors' because some of the images are hard coded to be HTTP, we are working to fix those.

Let us know if you have issues.

surfivor · « **Reply #1 on:** December 12, 2017, 12:16:52 PM »

Extra security ?

Mr. Bill · « **Reply #2 on:** December 12, 2017, 12:44:57 PM »

Quote from: surfivor on December 12, 2017, 12:16:52 PM

Extra security ?

A little bit. HTTPS just encrypts data as it travels between your computer and the TSP server. So this at least adds a little protection for your password, if you're logging on via public Wi-Fi where somebody might be snooping on you. But the server itself isn't any more secure than it was.

One problem we will not solve: your browser will give you a security warning for most pages, because any hotlinked images from other sites are likely to be HTTP instead of HTTPS. This applies to many members' avatars, images in their signature lines, and images that they've linked in their posts. There's no way to avoid this on a public forum, so these warnings will persist. (I'm going to try to fix it at least for the forum homepage, where the admins have control over all the displayed images.)

archer · « **Reply #3 on:** December 12, 2017, 02:13:58 PM »

Quote from: Mr. Bill on December 12, 2017, 12:44:57 PM

A little bit. HTTPS just encrypts data as it travels between your computer and the TSP server. So this at least adds a little protection for your password, if you're logging on via public Wi-Fi where somebody might be snooping on you. But the server itself isn't any more secure than it was.

this means that no one can run a scanner and read the text going to/from your computer and the server (besides the images that bill mentioned)

Smurf Hunter · « **Reply #4 on:** December 12, 2017, 02:47:27 PM »

As info, Google Chrome is saying the site is not complete secure.

When I inspect the page, all I find is the mix of HTTP and HTTPS. The SSL certificate seems ok.

Quote

Mixed content
This page includes HTTP resources.
Reload the page to record requests for HTTP resources.

archer · « **Reply #5 on:** December 12, 2017, 05:04:55 PM »

Quote from: Smurf Hunter on December 12, 2017, 02:47:27 PM

As info, Google Chrome is saying the site is not complete secure.

When I inspect the page, all I find is the mix of HTTP and HTTPS. The SSL certificate seems ok.

the damn hard coded image paths are http....

iam4liberty · « **Reply #6 on:** December 12, 2017, 06:53:22 PM »

Thank you! This is an important update.

Love for the mods incoming.

Alan Georges · « **Reply #7 on:** December 12, 2017, 07:19:00 PM »

Quote from: iam4liberty on December 12, 2017, 06:53:22 PM

Thank you! This is an important update.

Love for the mods incoming.

Yes, definitely! Thanks mods!

FreeLancer · « **Reply #8 on:** December 12, 2017, 07:26:56 PM »

Not the mods, it's the admins that need thanking.

iam4liberty · « **Reply #9 on:** December 12, 2017, 07:45:48 PM »

Quote from: FreeLancer on December 12, 2017, 07:26:56 PM

Not the mods, it's the admins that need thanking.

We love both groups.

But yes, thanks admins!

Mr. Bill · « **Reply #10 on:** December 14, 2017, 07:52:14 PM »

Anybody having any problems since we made the switch? (I mean other than the security warning.)

Seems like some of the "new post" indications aren't correct -- threads are being marked as having new posts when they don't. But it's not happening all the time. Has anyone else noticed this?

archer · « **Reply #11 on:** December 15, 2017, 09:11:02 AM »

hmm... that is weird....

surfivor · « **Reply #12 on:** December 15, 2017, 09:49:32 AM »

Quote from: Mr. Bill on December 14, 2017, 07:52:14 PM

Anybody having any problems since we made the switch? (I mean other than the security warning.)

Seems like some of the "new post" indications aren't correct -- threads are being marked as having new posts when they don't. But it's not happening all the time. Has anyone else noticed this?

which PHP forum framework/engine are you using ?

archer · « **Reply #13 on:** December 15, 2017, 10:53:51 AM »

surfivor · « **Reply #14 on:** December 15, 2017, 11:17:33 AM »

I'm not sure if any of this is interesting or not

https://www.simplemachines.org/community/index.php?topic=555034.0

https://www.simplemachines.org/community/index.php?topic=554539.0

https://www.simplemachines.org/community/index.php?topic=555680.0

https://www.google.com/search?q=site:simplemachines.org+https&rlz=1C1CHBF_enUS773US773&ei=6hA0WvT7NMrG_QbmqZ3gCw&start=10&sa=N&biw=1385&bih=638

Bradbn4 · « **Reply #15 on:** December 15, 2017, 11:22:01 AM »

I did notice a few small "studders" where the browser was waiting for a secure tls.

Now this could because I run with the Nightly beta (alpha?) builds of Firefox.

Mr. Bill · « **Reply #16 on:** December 15, 2017, 11:45:31 AM »

Quote from: surfivor on December 15, 2017, 11:17:33 AM

I'm not sure if any of this is interesting or not

https://www.simplemachines.org/community/index.php?topic=555034.0

https://www.simplemachines.org/community/index.php?topic=554539.0

https://www.simplemachines.org/community/index.php?topic=555680.0

https://www.google.com/search?q=site:simplemachines.org+https&rlz=1C1CHBF_enUS773US773&ei=6hA0WvT7NMrG_QbmqZ3gCw&start=10&sa=N&biw=1385&bih=638

Thanks, I hadn't gone looking for that info yet. We're overdue here for a software update, so I'll try to get everything fixed at the same time.

archer · « **Reply #17 on:** December 15, 2017, 12:33:38 PM »

This site in interesting for testing: https://www.whynopadlock.com/

Mr. Bill · « **Reply #18 on:** December 19, 2017, 10:20:08 AM »

FYI: Jack was having problems editing his blog, so at the moment we are no longer forcing all connections to HTTPS. You can still use HTTPS if you want -- take your pick:

http://thesurvivalpodcast.com/forum/index.php

https://thesurvivalpodcast.com/forum/index.php

Stwood · « **Reply #19 on:** December 19, 2017, 04:16:36 PM »

Quote from: Mr. Bill on December 14, 2017, 07:52:14 PM

Anybody having any problems since we made the switch? (I mean other than the security warning.)

Nuttin honey. All's well here.

News:

Author Topic: TheSurvivalPodcast blog/forum are now HTTPS (Read 4021 times)