Forum "not secure"?

Started by Papyrus, October 07, 2018, 05:07:23 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Papyrus

Hello technical people,

I've just spotted that the customary padlock is missing from the website address bar when I am on the forum. Instead I have a message saying "Not secure". Any other website seems OK. I've tried closing the forum page and re-opening it but it's still there. Should I panic, and is anybody else getting this?

Cheers,

Chris

Newportnobby

I see this all the time, Chris, and I believe it is being worked on by the Admin team @Tank . I'm a member of the Kawasaki Club forum and that is the same.

ntpntpntp

Not worth worrying about, it's not like you're entering your card details and address stuff on this site?  When you enter your password that bit is secured.

The way things are going though, sites are generally moving to using https even when it's not strictly necessary. Browsers are starting to flag up non-https usage more than they used to.   As NPN says, this site will probably move over to be totally https at some point.
Nick.   2021 celebrating the 25th anniversary of "Königshafen" exhibition layout!
https://www.ngaugeforum.co.uk/SMFN/index.php?topic=50050.0

MJKERR

Quote from: ntpntpntp on October 07, 2018, 05:54:33 PMWhen you enter your password that bit is secured
Partially correct, the password is converted into Base64 but is still transmitted unsecurely

Simply change the url to begin https manually
As the forum software uses short URL on most links it will be retained
The change is simple in the admin area

ntpntpntp

Quote from: MJKERR on October 07, 2018, 06:43:15 PM
Quote from: ntpntpntp on October 07, 2018, 05:54:33 PMWhen you enter your password that bit is secured
Partially correct, the password is converted into Base64 but is still transmitted unsecurely
Hmm you're quite correct. I hadn't checked the form action. That is naughty, other sites at least https the login.   Not that it really matters for a forum I suppose.
Nick.   2021 celebrating the 25th anniversary of "Königshafen" exhibition layout!
https://www.ngaugeforum.co.uk/SMFN/index.php?topic=50050.0

MJKERR

#5
Quote from: ntpntpntp on October 07, 2018, 07:28:55 PMThat is naughty, other sites at least https the login.   Not that it really matters for a forum I suppose.
That is because it is a legal requirement, and has been for some time (October 2017)
If a website is classed as commercial, so obtaining any personal and input information requires the use of SSL (https)
That is why the majority of browsers now give this warning, as a text transmission has been detected

Equally, the webhost should have noticed this and issued notice to the website provider
Not popular but I did this to a few of my customers at the end of last year, advising them they had now received notice and the business would not be liable

On the other side of the coin, the legislation is aimed at large businesses that failed to comply
Equally for a smaller business, if there is a data breach the website provider may be liable

Papyrus

Thanks for the replies. I wasn't really worried - it's just that I had never seen "Not secure" actually written out before and I assumed it was new.

Cheers,

Chris

Tank

It's a work in progress I'm afraid.  Lots of things to change on the forum. :-\

mickster04

At least the forum supports https, some websites i've seen just throw an error when you try https!

I recommend you update your bookmarks to https, then you won't be using the unsecure website, all the links stay on https if that's where you start.

there is a warning with https on the forum because (i think) profile pics are force loaded from http but that's only a problem if you expect the profile pics to matter much!

Please Support Us!
March Goal: £100.00
Due Date: Mar 31
Total Receipts: £77.34
Below Goal: £22.66
Site Currency: GBP
77% 
March Donations