Securing PA with HTTPS
Luis de Sousa
Forum Senior Member Joined: April 17 2008 Location: Wageningen Status: Offline Points: 160
Posted: October 07 2020 at 00:27
Hi all,
as you may have noticed, every time you log on to PA from Chromium or Firefox, the browser warns you that the site is not secure. This happens because PA still functions on the old HTTP protocol, without encryption. The passwords are sent in clear text to the server and can easily be intercepted. A few more technical details in the post below:
https://serverguy.com/ssl/google-forcing-ssl-certificate-websites/
Google and Mozilla started flagging all websites using the old protocol as insecure a couple of years ago and there are persistent rumors that their browsers will be blocking insecure websites altogether in the near future.
Is the admin team working to set up HTTPS for PA? Or is there another plan in place?
Thank you.
DamoXt7942
Forum & Site Admin Group Avant/Cross/Neo/Post Teams Joined: October 15 2008 Location: Okayama, Japan Status: Offline Points: 17486
Only the Owner M@X can deal with this issue. We Admins cannot do anything, sadly.
chopper
Special Collaborator Honorary Collaborator Joined: July 13 2005 Location: Essex, UK Status: Offline Points: 19952
Good question. I'm not an expert on internet protocol but there is an https://www.progarchives.com.
DamoXt7942
Forum & Site Admin Group Avant/Cross/Neo/Post Teams Joined: October 15 2008 Location: Okayama, Japan Status: Offline Points: 17486
^ Wow ... not realized until now.
Meltdowner
Special Collaborator Honorary Collaborator Joined: June 25 2013 Location: Portugal Status: Offline Points: 10215
It only lacks a redirect rule then. M@x could do that in a minute.
Rivertree
Special Collaborator Honorary Collaborator / Band Submissions Joined: March 22 2006 Location: Germany Status: Offline Points: 17584
yep, I remember problems occurring with the display of rating stars under https
seem to have vanished
Sean Trane
Special Collaborator Prog Folk Joined: April 29 2004 Location: Heart of Europe Status: Offline Points: 19630
TBH, I wonder why he hasn't upgraded to https years ago. This probably would've avoided the painful craptcha episode.
Luis de Sousa
Forum Senior Member Joined: April 17 2008 Location: Wageningen Status: Offline Points: 160
That address is currently returning a 522 error (connection timeout). It looks like HTTP is the only thing working at the moment. Thanks for the info in any case.
Shadowyzard
Forum Senior Member Joined: February 24 2020 Location: Davutlar Status: Offline Points: 4506
Prog is meant to be labyrinthine and adventurous. So the lack of security adds the necessary uncanny air to the concept.
Vompatti
Forum Senior Member VIP Member Joined: October 22 2005 Location: elsewhere Status: Offline Points: 67382
Didn't https at least partly work before the weekend though? I got the "not secure" warning for most but not all of the forum pages but in either case the page loaded fine.
chopper
Special Collaborator Honorary Collaborator Joined: July 13 2005 Location: Essex, UK Status: Offline Points: 19952
I was getting this earlier but it seems to be ok now
mike.bo
Forum Newbie Joined: October 11 2020 Location: Chicago Status: Offline Points: 1
None of our DJs at progrock.com can perform searches or view discographies, and we have staff around the world using many different browsers - Brave, Chrome, Firefox, et al. Everyone is getting Error 522, Connection timed out. It appears to have been broken since Saturday. Just FYI...
Regards, mikebo
Edited by mike.bo - October 12 2020 at 12:48
I prophesy disaster
Forum Senior Member Joined: December 31 2017 Location: Australia Status: Offline Points: 4597
I am finding that if I search for an artist on the home page, then click on the discography and reviews link for that artist on the search result page, I get an error 522. However, if I copy the URL underneath the discography and reviews link, paste it into the address bar, and change the https to http, it works.
No, I know how to behave in the restaurant now, I don't tear at the meat with my hands. If I've become a man of the world somehow, that's not necessarily to say I'm a worldly man.
Catcher10
Forum Senior Member VIP Member Joined: December 23 2009 Location: Emerald City Status: Offline Points: 17508
^ Sounds like a lot of unnecessary work to use the website........
Luis de Sousa
Forum Senior Member Joined: April 17 2008 Location: Wageningen Status: Offline Points: 160
That should not happen. I tried it myself and get the 522 all the same. I suspect your browser is doing something there behind the scenes. The report from Digicert is below. Beyond the 522 it also reports a vulnerability to Heartbleed.
Meltdowner
Special Collaborator Honorary Collaborator Joined: June 25 2013 Location: Portugal Status: Offline Points: 10215
So now the site redirects from https to http
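Added example, not part of the thread: a small Python audit of recorded redirect chains that flags the conditions discussed in the posts above (a missing HTTP-to-HTTPS redirect rule, the 522 on the HTTPS address, and the HTTPS-to-HTTP downgrade). The host `forum.example.org`, the finding names and the sample chains are constructed assumptions; the HSTS check goes one step beyond what the thread mentions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample chains: one (url, status, headers) tuple per hop.
# forum.example.org is a placeholder host, not the site in the thread.
DOWNGRADE_CHAIN = [
    ("https://forum.example.org/login", 302,
     {"Location": "http://forum.example.org/login"}),
    ("http://forum.example.org/login", 200, {}),
]
UPGRADE_CHAIN = [
    ("http://forum.example.org/login", 301,
     {"Location": "https://forum.example.org/login"}),
    ("https://forum.example.org/login", 200,
     {"Strict-Transport-Security": "max-age=31536000"}),
]
TIMEOUT_CHAIN = [("https://forum.example.org/login", 522, {})]


def audit_chain(hops):
    """Return a sorted list of finding codes for one recorded redirect chain."""
    findings = set()
    for url, status, headers in hops:
        scheme = urlsplit(url).scheme
        lowered = {k.lower(): v for k, v in headers.items()}
        if 300 <= status < 400 and "location" in lowered:
            # Location may be relative, so resolve it against the current URL.
            target = urljoin(url, lowered["location"])
            if scheme == "https" and urlsplit(target).scheme == "http":
                findings.add("downgrade-redirect")
        if status == 522 and scheme == "https":
            findings.add("https-origin-timeout")

    final_url, final_status, final_headers = hops[-1]
    if final_status < 300:
        if urlsplit(final_url).scheme == "http":
            # Credentials submitted to this page travel unencrypted.
            findings.add("content-served-over-http")
        elif "strict-transport-security" not in {k.lower() for k in final_headers}:
            # HTTPS works, but a later plain-HTTP visit would not be upgraded.
            findings.add("missing-hsts")
    return sorted(findings)


if __name__ == "__main__":
    for name, chain in [("downgrade", DOWNGRADE_CHAIN),
                        ("upgrade", UPGRADE_CHAIN),
                        ("timeout", TIMEOUT_CHAIN)]:
        print(name, audit_chain(chain))
```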
Vompatti
Forum Senior Member VIP Member Joined: October 22 2005 Location: elsewhere Status: Offline Points: 67382
Regarding this, is it really a good idea to change your password now that you're forced to send it over unencrypted? Unless it will be stored as plain text anyway, which wouldn't surprise me.
nick_h_nz
Collaborator Prog Metal / Heavy Prog Team Joined: March 01 2013 Location: Suffolk, UK Status: Offline Points: 6737
That’s exactly why I haven’t bothered changing my password. As long as this site is running on http and not https, then I may as well keep the password I have. Any change to a new one is really no more secure.