Citizens of the Imperium

Citizens of the Imperium (http://www.travellerrpg.com/CotI/Discuss/index.php)
-   CotI Website Issues (http://www.travellerrpg.com/CotI/Discuss/forumdisplay.php?f=48)
-   -   New MS Edge says forum is not secure (http://www.travellerrpg.com/CotI/Discuss/showthread.php?t=41187)

Blue Ghost June 22nd, 2020 12:06 AM

New MS Edge says forum is not secure
 
I installed the new version of MS Edge from Microsoft, and I get a little red exclamation point next to a "Not secure" warning in the address bar.

Has this always been the case? Or should I not worry about it?

AnotherDilbert June 22nd, 2020 03:45 AM

Presumably because the SSL certificate, needed for the encrypted https protocol, is not valid for "www.travellerrpg.com", only for "mail.travellerrpg.com, travellerrpg.com".

Try accessing "travellerrpg.com" instead:
https://travellerrpg.com/CotI/Discuss/

Blue Ghost June 22nd, 2020 08:00 AM

Hmm, it still said not secure, but the red warning thing didn't show up until I started typing this post. Strange. I don't know how important it's not like it's accessing my personal data or anything. Very odd.

AnotherDilbert June 22nd, 2020 09:07 AM

It's just a bit of harassment to force websites to configure https properly.

I believe the drift is towards https by default, but many sites are not ready for that yet. Hence the pressure to get it sorted, before the major browsers switch to https by default, or https only.

http (without -s) is inherently unsafe, anyone with access to the traffic can read and modify it, and use your login session for nefarious purposes, so https by default is a good thing.

Blue Ghost June 22nd, 2020 09:22 AM

Ah, interesting. Thank you for that.

I guess it'll keep out Virus for a while :)

whartung June 22nd, 2020 12:56 PM

Make no mistake, travellerrpg.com IS unsafe. Safari says it's "not secure" as well.

If you click on that little login form with the username/password, it's sent out via HTTP for all the world to see your login credentials.

So, you know, FYI.

BRover July 20th, 2020 04:23 AM

Firefox also notes the login is insecure.

coliver988 July 21st, 2020 11:48 AM

Quote:

Originally Posted by whartung (Post 613767)
Make no mistake, travellerrpg.com IS unsafe. Safari says it's "not secure" as well.

If you click on that little login form with the username/password, it's sent out via HTTP for all the world to see your login credentials.

So, you know, FYI.

which is why you should never re-use login credentials. Not encrypted is not great but it was all we had for a long time in the webs. But as I have here are posts and stuff, the "not safe" is really more of an Amber Travel Zone than a Red Travel Zone.

timerover51 July 21st, 2020 10:53 PM

Safari and FireFox are telling me that a lot of the websites, like Project Gutenberg among others, are not secure. I figure that it is a risk of being online, and I have no idea as to how much is due to changes in the security software in the browsers getting way ahead of the websites.

tjoneslo July 22nd, 2020 07:12 AM

There are two sources to this "not secure" warning.

The first is the "https" (secure http) everywhere initiative being driven by Mozilla (firefox) and Google (chrome). The idea is to achieve exactly what is being done here. The browsers complain to the users that their favorite site using "http" is "insecure", the users complain to the website owners, and the owners then fix the site to use https.

The second is certificate use to secure the "https" is out of date or not issued by a trusted issuer. There is a similar idea here about the feedback loop. There are a few free certificate issuers, but most cost $100+ per year to keep up-to-date, assuming your ISP allows the process to be automated.

CotI is of the first type, it still uses "http". This requires server side configuration to fix.

Sooner or later Firefox and/or chrome will start to refuse to connect to these http site.


All times are GMT -4. The time now is 07:29 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2010-2013, Far Future Enterprises. All Rights Reserved.