Winstep

Software Technologies


 Winstep Forums


Print view
Board index : Winstep Forums : General Discussion  [ 4 posts ]
Author Message
 Post subject: Firefox and Chrome Warning About Insecure Logins
PostPosted: Sat Mar 25, 2017 3:12 pm 
Offline
Site Admin
User avatar

Joined: Thu Feb 26, 2004 8:30 pm
Posts: 8336
Google Chrome 56 and Mozilla Firefox 51 bring a new warning about insecure login pages.

All this 'insecure login/connection' warning means is that the information (such as user name and password for the forum) traveling from the user's computer to the target server is not encrypted.

The Internet is such that network packets traveling from site A to site B are routed through several machines in-between. In theory, if one of the machines in the middle is compromised, this information can be 'listened to'. This is called a 'man-in-the-middle' attack.

If the packets are encrypted, even if a machine in the middle of the communication chain is compromised, it won't be able to make head or tails of this information.

In practice, the Internet has always worked this way and the world hasn't ended because this man-in-the-middle attack is only a problem if one of the hubs is compromised, or someone is 'sniffing' (and directly targeting) your WiFi connection (in which case you have bigger problems).

Also, forums don't usually have sensitive information. The worst case scenario, and the one I believe FF and Chrome are trying to protect you from, is someone getting your username and password and YOU re-using those as valid logins to sensitive sites, such as online banking.

Most forums and web sites on the Internet do not use secure https connections, instead still relying on the old unencrypted http protocol - so you will be seeing this warning A LOT from now on.

This said, if you want you can already access this forum via a HTTPS secure connection. Give it a try and please let me know below if it works for you:

https://forums.winstep.net

There are a couple of drawbacks though:

Images that link to other sites are usually linked via HTTP and not HTTPS. Because of this, on posts that have links to external images you get a yellow warning icon in the address bar (under FF) claiming that 'parts of this page are not secure (such as images)'

I was actually pleasantly surprised that you could see the images, I was expecting a broken link instead.

However, embeded Youtube videos are NOT visible when using an HTTPS connection. For instance, check the bottom of following post:

Insecure connection:

http://forums.winstep.net/phpBB2/viewto ... 131#p28131

Secure connection:

viewtopic.php?p=28131#p28131

_________________
Jorge Coelho
Winstep Xtreme - Xtreme Power!
http://www.winstep.net - Winstep Software Technologies


Back to top
 Profile WWW 
 
 Post subject: Re: Firefox and Chrome Warning About Insecure Logins
PostPosted: Sun Mar 26, 2017 12:56 am 
Offline
Site Admin
User avatar

Joined: Thu Feb 26, 2004 8:30 pm
Posts: 8336
winstep wrote:
However, embeded Youtube videos are NOT visible when using an HTTPS connection.


Ok, I think I fixed this. Please let me know if you have trouble seeing images or videos in posts when connecting via HTTPS (or experience any other weird behavior).

I also already changed the 'Forums' header in the top banner of the Winstep web site so it connects to the forums via HTTPS instead of HTTP.

If everything is found to be working correctly, I will then feel comfortable changing the settings in the server so HTTP connections to the forums are automatically redirected to HTTPS.

_________________
Jorge Coelho
Winstep Xtreme - Xtreme Power!
http://www.winstep.net - Winstep Software Technologies


Back to top
 Profile WWW 
 
 Post subject: Re: Firefox and Chrome Warning About Insecure Logins
PostPosted: Sun Mar 26, 2017 4:17 am 
Offline
User avatar

Joined: Thu Mar 18, 2004 12:11 am
Posts: 277
Location: Pollock Pines, CA
video and images load fine here.

_________________
vectornut
http://www.vectornut.com


Back to top
 Profile WWW 
 
 Post subject: Re: Firefox and Chrome Warning About Insecure Logins
PostPosted: Wed Mar 29, 2017 10:00 pm 
Offline
Site Admin
User avatar

Joined: Thu Feb 26, 2004 8:30 pm
Posts: 8336
The Winstep forums are now being provided over a secure connection (HTTPS).

Accesses to http://forums.winstep.net are now also being automatically re-directed to https://forums.winstep.net, and the FORUMS links on the website header have been updated so they point to https://forums.winstep.net rather than http://forums.winstep.net.

Unfortunately bookmarked direct links to topics over HTTP (e.g.; http://forums.winstep.net/phpBB2/viewto ... f=2&t=4301) could not be automatically re-directed to HTTPS as well. We tried and as a result the whole website became inaccessible for 8 hours (I think it was the longest downtime winstep.net had in over 17 years).

This is not a biggie since the forums can work normally under both secure (HTTPS) and non-secure (HTTP) connections.

_________________
Jorge Coelho
Winstep Xtreme - Xtreme Power!
http://www.winstep.net - Winstep Software Technologies


Back to top
 Profile WWW 
 
Post new topic Reply to topic Board index : Winstep Forums : General Discussion  [ 4 posts ]
Display posts from previous:  Sort by  

Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron