Site not secure?
Site not secure?
My iPad has been telling me this site is not secure for a while now. I don’t log in much because of it.
If you're wielding the sharpest tool in the shed, who's going to say that you aren't...?
Re: Site not secure?
Hey, spyderg:
I'm not seeing anything like that but I'm on desktop or Android devices. Could you post a screenshot?
Kristi
There is nothing more important than this one day.
Re: Site not secure?
Hi Kristi,
I saw spyderg's post the other day. I looked into it and saw that my browser (Chrome) said the forum was indeed unsecured (http not https) and didn't think much of it. I figured as long as users weren't entering personal info here why should it matter? The main Spyderco site is secured which makes sense.
I can see this same site info on my PC with Chrome or Firefox and with same browsers on my Android devices. From Chrome on my tablet, there's a little "i" in a circle (information?) in the address bar (finding this is a little different on my phone). When you touch it a little pop up message shows that the site an unsecured (http) address. See the screenshot below.
What interesting is that with Firefox I get basically the same message but it shows that the site is a "https" site but parts ("such as images") are unsecured.
What's more interesting is that the stock Android browser shows that the site is secure. However, if I click "view certificate" it does say that my connection to the site is not private.
I saw spyderg's post the other day. I looked into it and saw that my browser (Chrome) said the forum was indeed unsecured (http not https) and didn't think much of it. I figured as long as users weren't entering personal info here why should it matter? The main Spyderco site is secured which makes sense.
I can see this same site info on my PC with Chrome or Firefox and with same browsers on my Android devices. From Chrome on my tablet, there's a little "i" in a circle (information?) in the address bar (finding this is a little different on my phone). When you touch it a little pop up message shows that the site an unsecured (http) address. See the screenshot below.
What interesting is that with Firefox I get basically the same message but it shows that the site is a "https" site but parts ("such as images") are unsecured.
What's more interesting is that the stock Android browser shows that the site is secure. However, if I click "view certificate" it does say that my connection to the site is not private.
Of all the things I've lost I miss my mind the most!
Re: Site not secure?
I suspect that your browsers are complaining about things such as 3rd party hosted images, which are part of what can in the HTTPS standard is "mixed content" , so that if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, content is deemed “mixed”. The page is only partially encrypted.
"You never know what lonesome is, 'til you get to herdin' cows"
- MichaelScott
- Member
- Posts: 3008
- Joined: Mon Apr 13, 2015 11:42 am
- Location: Southern Colorado
Re: Site not secure?
Sounds right to me (an old tech geek). My Safari browsers don’t flag it.flasharry wrote: ↑Mon Sep 17, 2018 9:23 amI suspect that your browsers are complaining about things such as 3rd party hosted images, which are part of what can in the HTTPS standard is "mixed content" , so that if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, content is deemed “mixed”. The page is only partially encrypted.
Overheard at the end of the ice age, “We’ve been having such unnatural weather.”
http://acehotel.blog
Team Innovation
http://acehotel.blog
Team Innovation
Re: Site not secure?
If you're wielding the sharpest tool in the shed, who's going to say that you aren't...?
Re: Site not secure?
I noticed on my phone yesterday a little circle with a lower case i inside it on the left of the site address, so I clicked it and it said my connection is not secured. Kinda interesting. I also get the same message on Firefox (also from Android) and on Chrome on my PC.
All SE all the time since 2017
~David
~David
Re: Site not secure?
David,
We don't enforce https on the forum because there aren't any transactions that take place here. I have been able to duplicate what some are seeing but it's due to images on the forum that are hosted elsewhere (just as Michael said above). The site is secure as is the forum. We force the https protocol on the main site but essentially it's overkill on the forum.
We don't enforce https on the forum because there aren't any transactions that take place here. I have been able to duplicate what some are seeing but it's due to images on the forum that are hosted elsewhere (just as Michael said above). The site is secure as is the forum. We force the https protocol on the main site but essentially it's overkill on the forum.
There is nothing more important than this one day.
- SpyderEdgeForever
- Member
- Posts: 6353
- Joined: Mon Jul 23, 2012 6:53 pm
- Location: USA
Re: Site not secure?
Kristi, thank you for this explanation because I was wondering along those same lines.
And here is a related question: From what you know, is this true? Someone told me that if a person is making any sort of online financial transaction when purchasing a product such as a knife or anything else from an internet retailer, they should close all other windows and browser windows they have open, except for the secured online purchase window, because, according to this person, hackers can somehow
"piggy back" on other windows, and steal the person's credit card or other personal information. Have you ever heard anything like that?
And so, does this mean that before a person purchases something online, they should first close the window to the Spyderco forum website?
And here is a related question: From what you know, is this true? Someone told me that if a person is making any sort of online financial transaction when purchasing a product such as a knife or anything else from an internet retailer, they should close all other windows and browser windows they have open, except for the secured online purchase window, because, according to this person, hackers can somehow
"piggy back" on other windows, and steal the person's credit card or other personal information. Have you ever heard anything like that?
And so, does this mean that before a person purchases something online, they should first close the window to the Spyderco forum website?