Forum Home Forum Home > Site News, Newbies, Help and Improvements > Help us improve the site
  New Posts New Posts RSS Feed - Securing PA with HTTPS
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Securing PA with HTTPS
 Post Reply Post Reply Page  12>
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
Luis de Sousa View Drop Down
Forum Senior Member
Forum Senior Member
Avatar

Joined: April 17 2008
Location: Wageningen
Status: Offline
Points: 160 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Luis de Sousa Quote  Post ReplyReply Direct Link To This Post Topic: Securing PA with HTTPS
    Posted: October 07 2020 at 00:27
Hi all,

as you may have noticed, every time you log on to PA from Chromium or Firefox, the browser warns you that the site is not secure. This happens because PA still functions on the old HTTP protocol, without encryption. The passwords are sent in clear text to the server and can easily be intercepted. A few more technical details in the post below:
https://serverguy.com/ssl/google-forcing-ssl-certificate-websites/

Google and Mozilla have started flagging all websites using the old protocol as insecure a couple of years ago and there are persistent rumors about their browsers will blocking insecure websites altogether in the near future.

Is the admin team working to set up HTTPS for PA? Or is there another plan in place?

Thank you.
Music musings | Last.fm profile
Back to Top
DamoXt7942 View Drop Down
Forum & Site Admin Group
Forum & Site Admin Group
Avatar
Avant/Cross/Neo/Post Teams

Joined: October 15 2008
Location: Okayama, Japan
Status: Offline
Points: 17486 		Post Options Post Options   Thanks (0) Thanks(0)   Quote DamoXt7942 Quote  Post ReplyReply Direct Link To This Post Posted: October 07 2020 at 00:44
Only the Owner M@X can deal with this issue. We Admins cannot do anything, sadly. Unhappy
Back to Top
chopper View Drop Down
Special Collaborator
Special Collaborator
Avatar
Honorary Collaborator

Joined: July 13 2005
Location: Essex, UK
Status: Offline
Points: 19952 		Post Options Post Options   Thanks (0) Thanks(0)   Quote chopper Quote  Post ReplyReply Direct Link To This Post Posted: October 07 2020 at 03:16
Good question. I'm not an expert on internet protocol but there is an https://www.progarchives.com.
Back to Top
DamoXt7942 View Drop Down
Forum & Site Admin Group
Forum & Site Admin Group
Avatar
Avant/Cross/Neo/Post Teams

Joined: October 15 2008
Location: Okayama, Japan
Status: Offline
Points: 17486 		Post Options Post Options   Thanks (0) Thanks(0)   Quote DamoXt7942 Quote  Post ReplyReply Direct Link To This Post Posted: October 07 2020 at 03:26
^ Wow ... not realized until now. Shocked
Back to Top
Meltdowner View Drop Down
Special Collaborator
Special Collaborator
Avatar
Honorary Collaborator

Joined: June 25 2013
Location: Portugal
Status: Offline
Points: 10215 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Meltdowner Quote  Post ReplyReply Direct Link To This Post Posted: October 07 2020 at 04:18
It only lacks a redirect rule then. M@x could do that in a minute.
Back to Top
Rivertree View Drop Down
Special Collaborator
Special Collaborator
Avatar
Honorary Collaborator / Band Submissions

Joined: March 22 2006
Location: Germany
Status: Offline
Points: 17584 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Rivertree Quote  Post ReplyReply Direct Link To This Post Posted: October 07 2020 at 04:45
yep, I remember problems occuring with the display of rating stars under https
seem to have vanished


Back to Top
Sean Trane View Drop Down
Special Collaborator
Special Collaborator

Prog Folk

Joined: April 29 2004
Location: Heart of Europe
Status: Offline
Points: 19630 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Sean Trane Quote  Post ReplyReply Direct Link To This Post Posted: October 07 2020 at 05:16
Originally posted by DamoXt7942 DamoXt7942 wrote:

Only the Owner M@X can deal with this issue. We Admins cannot do anything, sadly. Unhappy


TBH, I wonder why he hasn't upgradfed to https years ago.

This probably would've avoided the painful craptcha episode.


Back to Top
Luis de Sousa View Drop Down
Forum Senior Member
Forum Senior Member
Avatar

Joined: April 17 2008
Location: Wageningen
Status: Offline
Points: 160 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Luis de Sousa Quote  Post ReplyReply Direct Link To This Post Posted: October 10 2020 at 09:21
Originally posted by chopper chopper wrote:

Good question. I'm not an expert on internet protocol but there is an https://www.progarchives.com.


That address is currently returning a 522 error (connection timeout). It looks like HTTP is the only thing working at the moment. Thanks for the info in any case.
Music musings | Last.fm profile
Back to Top
Shadowyzard View Drop Down
Forum Senior Member
Forum Senior Member


Joined: February 24 2020
Location: Davutlar
Status: Offline
Points: 4506 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Shadowyzard Quote  Post ReplyReply Direct Link To This Post Posted: October 10 2020 at 09:29
Prog is meant to be labyrinthine and adventurous. So the lack of security adds the necessary uncanny air to the concept. Evil Smile
Back to Top
Vompatti View Drop Down
Forum Senior Member
Forum Senior Member
Avatar
VIP Member

Joined: October 22 2005
Location: elsewhere
Status: Offline
Points: 67382 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Vompatti Quote  Post ReplyReply Direct Link To This Post Posted: October 12 2020 at 10:57
Didn't https at least partly work before the weekend though? I got the "not secure" warning for most but not all of the forum pages but in either case the page loaded fine.
Back to Top
chopper View Drop Down
Special Collaborator
Special Collaborator
Avatar
Honorary Collaborator

Joined: July 13 2005
Location: Essex, UK
Status: Offline
Points: 19952 		Post Options Post Options   Thanks (0) Thanks(0)   Quote chopper Quote  Post ReplyReply Direct Link To This Post Posted: October 12 2020 at 12:35
Originally posted by Luis de Sousa Luis de Sousa wrote:

Originally posted by chopper chopper wrote:

Good question. I'm not an expert on internet protocol but there is an https://www.progarchives.com.


That address is currently returning a 522 error (connection timeout). It looks like HTTP is the only thing working at the moment. Thanks for the info in any case.


I was getting this earlier but it seems to be ok now
Back to Top
mike.bo View Drop Down
Forum Newbie
Forum Newbie
Avatar

Joined: October 11 2020
Location: Chicago
Status: Offline
Points: 1 		Post Options Post Options   Thanks (0) Thanks(0)   Quote mike.bo Quote  Post ReplyReply Direct Link To This Post Posted: October 12 2020 at 12:41
None of our DJs at progrock.com can perform searches or view discographies, and we have staff around the world using many different browsers - Brave, Chrome, Firefox, et al.  Everyone is getting Error 522, Connection timed out. It appears to have been broken since Saturday. Just FYI...
Regards,
mikebo


Edited by mike.bo - October 12 2020 at 12:48
Back to Top
I prophesy disaster View Drop Down
Forum Senior Member
Forum Senior Member
Avatar

Joined: December 31 2017
Location: Australia
Status: Offline
Points: 4597 		Post Options Post Options   Thanks (0) Thanks(0)   Quote I prophesy disaster Quote  Post ReplyReply Direct Link To This Post Posted: October 12 2020 at 13:42
I am finding that if I search for an artist on the home page, then click on the discography and reviews link for that artist on the search result page, I get an error 522. However, if I copy the URL underneath the discography and reviews link, past it into the address bar, and change the https to http, it works.
 
 
No, I know how to behave in the restaurant now, I don't tear at the meat with my hands. If I've become a man of the world somehow, that's not necessarily to say I'm a worldly man.
Back to Top
Catcher10 View Drop Down
Forum Senior Member
Forum Senior Member
Avatar
VIP Member

Joined: December 23 2009
Location: Emerald City
Status: Offline
Points: 17508 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Catcher10 Quote  Post ReplyReply Direct Link To This Post Posted: October 12 2020 at 22:17
^ Sounds like a lot of unnecessary work to use the website........Wacko
Back to Top
Luis de Sousa View Drop Down
Forum Senior Member
Forum Senior Member
Avatar

Joined: April 17 2008
Location: Wageningen
Status: Offline
Points: 160 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Luis de Sousa Quote  Post ReplyReply Direct Link To This Post Posted: October 13 2020 at 08:40
Originally posted by I prophesy disaster I prophesy disaster wrote:

I am finding that if I search for an artist on the home page, then click on the discography and reviews link for that artist on the search result page, I get an error 522. However, if I copy the URL underneath the discography and reviews link, past it into the address bar, and change the https to http, it works.


That should not happen. I tried it myself and get the 522 all the same. I suspect your browser is doing something there behind the scenes.

The report from Digicert is below. Beyond the 522 it also reports a vulnerability to Heartbleed.
Music musings | Last.fm profile
Back to Top
Meltdowner View Drop Down
Special Collaborator
Special Collaborator
Avatar
Honorary Collaborator

Joined: June 25 2013
Location: Portugal
Status: Offline
Points: 10215 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Meltdowner Quote  Post ReplyReply Direct Link To This Post Posted: October 20 2020 at 05:37
So now the site redirects from https to http Confused
Back to Top
Catcher10 View Drop Down
Forum Senior Member
Forum Senior Member
Avatar
VIP Member

Joined: December 23 2009
Location: Emerald City
Status: Offline
Points: 17508 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Catcher10 Quote  Post ReplyReply Direct Link To This Post Posted: October 20 2020 at 09:07
Originally posted by Catcher10 Catcher10 wrote:

^ Sounds like a lot of unnecessary work to use the website........Wacko
Back to Top
Vompatti View Drop Down
Forum Senior Member
Forum Senior Member
Avatar
VIP Member

Joined: October 22 2005
Location: elsewhere
Status: Offline
Points: 67382 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Vompatti Quote  Post ReplyReply Direct Link To This Post Posted: October 29 2020 at 09:29
Originally posted by Meltdowner Meltdowner wrote:

So now the site redirects from https to http Confused
A little extra excitement for those logging in during the spooky season! Shocked
Back to Top
Vompatti View Drop Down
Forum Senior Member
Forum Senior Member
Avatar
VIP Member

Joined: October 22 2005
Location: elsewhere
Status: Offline
Points: 67382 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Vompatti Quote  Post ReplyReply Direct Link To This Post Posted: November 24 2020 at 12:45
Regarding this, is it really a good idea to change your password now that you're forced to send it over unencrypted? Unless it will be stored as plain text anyway, which wouldn't surprise me. Ermm
Back to Top
nick_h_nz View Drop Down
Collaborator
Collaborator
Avatar
Prog Metal / Heavy Prog Team

Joined: March 01 2013
Location: Suffolk, UK
Status: Offline
Points: 6737 		Post Options Post Options   Thanks (0) Thanks(0)   Quote nick_h_nz Quote  Post ReplyReply Direct Link To This Post Posted: November 24 2020 at 13:22
That’s exactly why I haven’t bothered changing my password. As long as this site is running on http and not https, then I may as well keep the password I have. Any change to a new one is really no more secure.
Reviewer for The Progressive Aspect
Back to Top
 Post Reply Post Reply Page  12>

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.135 seconds.
Donate monthly and keep PA fast-loading and ad-free forever.