Unsecure login notification

This forum is for suggestions and discussion about this site. What would you like to see?

Moderators: 52D, Tom F, Rlangham, Atlantic 3279, Blink Bonny, Saint Johnstoun, richard

Post Reply
User avatar
Dave
LNER A4 4-6-2 'Streak'
Posts: 1671
Joined: Sat Nov 13, 2010 9:33 pm
Location: Centre of the known universe York

Unsecure login notification

Post by Dave »

Richard.
I get this message in firefox for both user name and password.
Pic attached for your info.
Attachments
Untitled.jpg
User avatar
richard
LNER A4 4-6-2 'Streak'
Posts: 3385
Joined: Thu Sep 01, 2005 5:11 pm
Location: Wichita Falls, Texas
Contact:

Re: Unsecure login notification

Post by richard »

Yes it is because we still aren't using SSL. There has been no change to the site, just certain organisations (Google are another) are pushing for greater use of SSL.

A good SSL license costs a bit - especially if I was to multiply it across my websites. The Electronic Frontier Foundation offer some for free that don't offer full id information - and that might be an option. However it has been shown that a lot of scammers use the free EFF licenses - that defeats the identity side of things, although the improved in-transit security should be no different.

There is also the issue that the bulletin software would need to be updated to work with a certificate. Definitely possible but Here be Dragons! It could be a hairy experience! Also it would make sense if the entire site was converted at the same time. All those http:// refs would have to auto-forward to https://

As it happens only a few days I was thinking about looking at SSL again - and despite the hurdles, there is some logic to starting with the lner.info website as a guinea pig.
Richard Marsden
LNER Encyclopedia
User avatar
richard
LNER A4 4-6-2 'Streak'
Posts: 3385
Joined: Thu Sep 01, 2005 5:11 pm
Location: Wichita Falls, Texas
Contact:

Re: Unsecure login notification

Post by richard »

By coincidence, my webhost have just introduced a $10 SSL certificate that was announced today. Even if this offers no more than the free EFF certificates, the $10 would be worth it for the integration/etc (it is very easy to get SSL installation wrong).

Continuing to investigate but it is likely that I'll be installing this in a few weeks time.
Richard Marsden
LNER Encyclopedia
User avatar
richard
LNER A4 4-6-2 'Streak'
Posts: 3385
Joined: Thu Sep 01, 2005 5:11 pm
Location: Wichita Falls, Texas
Contact:

Re: Unsecure login notification

Post by richard »

SSL/https installed!

For secure login, use: https://www.lner.info/forums/

Your browser will probably show an exclamation mark next to the 'padlock' symbol for SSL: This is because not everything is currently using https - eg. static images and style sheets. Also some images are not currently appearing - I think this is a template issue (I think it is explicitly set to use insecure http ).

Working on it but it might take a few days.
Once I'm happy that most things are working, I'll add a redirect so if you enter "http://" it will forward to the secure version.

Also I should apply the latest set of site upgrades. The site may go down a few times over the next few hours/days, as I do all this.
Richard Marsden
LNER Encyclopedia
User avatar
Dave
LNER A4 4-6-2 'Streak'
Posts: 1671
Joined: Sat Nov 13, 2010 9:33 pm
Location: Centre of the known universe York

Re: Unsecure login notification

Post by Dave »

Thank you Richard, that explains a lot.
Sorry for the late reply I've been on my hols.
Post Reply