| Previous :: Next Topic |
| Author |
Message |
Malachai Constant
Member
Joined: 13 Jan 2002
Posts: 15840 | TRs | Pics
Location: Back Again Like A Bad Penny |
I recently upgraded my Apple devices to iOS 12.2 and now getting this warning in the url window. I do not know if this is in regard to the SSL Certificate already mentioned. First time I have seen it. I always wait a couple weeks before upgrading to check for bugs.
"You do not laugh when you look at the mountains, or when you look at the sea." Lafcadio Hearn
"You do not laugh when you look at the mountains, or when you look at the sea." Lafcadio Hearn
|
| Back to top |
  
|
|
Tom
Admin
Joined: 15 Dec 2001
Posts: 17457 | TRs | Pics
|
|
Tom
Admin
|
 Mon Apr 08, 2019 11:32 am |
|
|
I'm guessing it's the lack of https. Oh noes!
|
| Back to top |
|
|
Alpine Pedestrian
Member
Joined: 24 May 2007
Posts: 184 | TRs | Pics
Location: Stevens Pass |
Same here. I've been getting the not secure notice for several days.
|
| Back to top |
|
|
Tom
Admin
Joined: 15 Dec 2001
Posts: 17457 | TRs | Pics
|
|
Tom
Admin
|
Mon Apr 08, 2019 5:26 pm |
|
|
There is probably a setting to turn it off or tone down the warning message. I still haven't seen a compelling reason why sites like this need SSL encryption so not a priority to add it anytime soon.
|
| Back to top |
|
|
neek
Member
Joined: 12 Sep 2011
Posts: 2219 | TRs | Pics
Location: Seattle, WA |
|
neek
Member
|
Mon Apr 08, 2019 8:22 pm |
|
|
Because people are lazy use the same password on multiple sites.
|
| Back to top |
|
|
Jaberwock
Member
Joined: 30 Jan 2013
Posts: 722 | TRs | Pics
Location: Bellingham |
Tom thank you for preserving the website. Am concerned it would bog down my Hayes 1200 if you implemented the httpS.
|
| Back to top |
|
|
Tom
Admin
Joined: 15 Dec 2001
Posts: 17457 | TRs | Pics
|
|
Tom
Admin
|
Mon Apr 08, 2019 10:02 pm |
|
|
The plan is to migrate the forum to new software in 2019 which is much higher priority from a security standpoint. Even if we implemented https right now there would still be warning messages due to mixed content (embedded http images). The newer software will play nicer in that regard.
|
| Back to top |
|
|
Brian Curtis
Trail Blazer/HiLaker
Joined: 16 Dec 2001
Posts: 1644 | TRs | Pics
Location: Silverdale, WA |
The mixed content problem can be easily fixed with a simple query or dump, search and replace, and reload. If you will be upgrading the board software it will be a worthwhile goal to implement the ssl certificate at the same time. Depending on your host, the free Lets Encrypt certs can be a good option.
that elitist from silverdale wanted to tell me that all carnes are bad--Studebaker Hoch
 graffiti
that elitist from silverdale wanted to tell me that all carnes are bad--Studebaker Hoch
graffiti
|
| Back to top |
|
|
Joey
verrry senior member
Joined: 05 Jun 2005
Posts: 2700 | TRs | Pics
Location: Redmond |
|
Joey
verrry senior member
|
Tue Apr 09, 2019 10:15 am |
|
|
|
| Back to top |
|
|
Tom
Admin
Joined: 15 Dec 2001
Posts: 17457 | TRs | Pics
|
|
Tom
Admin
|
Tue Apr 09, 2019 1:18 pm |
|
|
| Brian Curtis wrote: | | The mixed content problem can be easily fixed with a simple query or dump, search and replace, and reload. If you will be upgrading the board software it will be a worthwhile goal to implement the ssl certificate at the same time. Depending on your host, the free Lets Encrypt certs can be a good option. |
The majority of thumbnails (roughly a half million) are hosted on another domain without SSL. It isn't practical to pipe the thumbnails (would significantly impact page loads for TRs with lots of images). The plan is to get the forum and images on the same domain when we upgrade the software and add SSL at that time. We could implement SSL for both domains now, but it's a non-trivial effort with trivial benefits (IMHO) so focusing on upgrading to more secure software to better secure the site first.
|
| Back to top |
|
|
Josh Journey
a.k.a Josh Lewis
Joined: 01 Nov 2007
Posts: 4752 | TRs | Pics
|
At home https doesn't do much. However when traveling aboard using a public WiFi I won't login to a website unless it has a https prefix due to cyber interceptions. There are other benefits including search engine optimization boosts. If NWHikers did not have a login it wouldn't matter much.
|
| Back to top |
|
|
TokyoTessie
Member
Joined: 28 Jan 2005
Posts: 480 | TRs | Pics
Location: Back in the shadow of Tahoma again! |
I haven’t been on the NWHikers website for many, many years. Just want to let you know that my very secure router will not let me sign into this website through my home internet, whether it is on my hardwired desktop or wirelessly on my iPhone or iPad. I get this very dire-sounding pop-up which I can’t override, then my Orbi sends me a nasty message. I’m only able to access NWHikers on my phone using cellular data. What’s up with that? Is there something lurking on here? Or just an over-sensitive security system?
|
| Back to top |
|
|
Tom
Admin
Joined: 15 Dec 2001
Posts: 17457 | TRs | Pics
|
|
Tom
Admin
|
Sun Oct 17, 2021 5:07 pm |
|
|
Just means that NWH is using http instead of https so your password could potentially be captured during login. As long as you are not using the same password you use on banking sites I wouldn't worry that much. There's probably a setting on your router to allow you to bypass the warning. Eventually we will switch to https but since we aren't storing medical records, processing financial transactions, etc. it hasn't been a priority.
Josh Journey, TokyoTessie
Josh Journey, TokyoTessie |
| Back to top |
|
|
MCaver
Founder
Joined: 14 Dec 2001
Posts: 5125 | TRs | Pics
|
|
MCaver
Founder
|
Tue Jul 19, 2022 8:25 am |
|
|
HTTPS version of the site is now online.
 Josh Journey
Josh Journey |
| Back to top |
|
|
Josh Journey
a.k.a Josh Lewis
Joined: 01 Nov 2007
Posts: 4752 | TRs | Pics
|
Thank you Tom! 
|
| Back to top |
|
|
|
|
