sjordan2 Posted May 1, 2019 Posted May 1, 2019 Just today, my browser is saying this site is not secure. (???)
Rob Hall Posted May 1, 2019 Posted May 1, 2019 That's just a message to indicate the site is using HTTP and not HTTPS.
Ace-Garageguy Posted May 1, 2019 Posted May 1, 2019 On 5/1/2019 at 5:45 PM, Rob Hall said: That's just a message to indicate the site is using HTTP and not HTTPS. Expand Since you're in the IT biz, why don't you explain to (probably) a lot of those here who don't know exactly what that means?
Rob Hall Posted May 1, 2019 Posted May 1, 2019 (edited) Long story short, traffic from your browser to and from this website is in the clear (using the http protocol, usually on port 80) and not encrypted (using https which is http with SSL end-to-end encryption and usually on port 443). Usually not a problem that traffic is in the clear on an information-only site like this, since we aren't buying products on here like on a site like eBay or Amazon. I've noticed that most web browsers have been making it more apparent lately if you are on a site that is using http by showing a lock symbol w/ a red slash through it or saying 'Not Secure'. For example, Firefox shows the lock symbol for this website, while Safari and Chrome say 'Not Sucure' in the title bar. Edited May 1, 2019 by Rob Hall
Dave Ambrose Posted May 4, 2019 Posted May 4, 2019 We’ve made some improvements, but many of the links in the content are not secure, so that also triggers the warning. Given the nature of the information on this site, it isn’t a serious problem unless you live someplace where building model cars is illegal.
fumi Posted May 9, 2019 Posted May 9, 2019 On 5/4/2019 at 2:47 AM, Dave Ambrose said: Given the nature of the information on this site, it isn’t a serious problem unless you live someplace where building model cars is illegal. Expand Username/password will always be a problem, and let's not assume everyone will use a separate username password combo for every web site they sign in to. Can't we just get a Let's Encrypt cert? It is free.
bobthehobbyguy Posted May 10, 2019 Posted May 10, 2019 I suspect its more than getting the cert thats involved in making the site secure. Really poor practice to use the same password and user id for multiple sites particularly for banking and other sites that have financial transactions.
Tom Geiger Posted May 10, 2019 Posted May 10, 2019 We moved the NNL East and TSSMCC sites, all on one account, to the https server at our service provider. It costs a bit more. We did so because we kept having to remove bits of malware placed on our sites. No problem since!
Dave Ambrose Posted May 10, 2019 Posted May 10, 2019 On 5/9/2019 at 5:47 AM, fumi said: Username/password will always be a problem, and let's not assume everyone will use a separate username password combo for every web site they sign in to. Can't we just get a Let's Encrypt cert? It is free. Expand I'm working on it. In our case, it's more complicated than I'd like it to be. The login information is secured. The passwords are encrypted in the database, and secure connections are used for the login sequence. Some of the content isn't encrypted which, generates the Not Secure warning.
Rob Hall Posted May 13, 2019 Posted May 13, 2019 (edited) On 5/13/2019 at 11:31 PM, Dave Ambrose said: Problem fixed. You shouldn't see that message any more. Please let me know if you do, and on what page. Expand Not sure which message you are referring to, but I still see the 'Not Secure' before the URL on Safari and Chrome. And the 'this connection is not secure' warning in the username and password fields when logging in on Firefox. Edited May 13, 2019 by Rob Hall
Dave Ambrose Posted May 14, 2019 Posted May 14, 2019 Well shoot. It wasn't showing up earlier. Now it is. Back to the drawing board.
Tom Geiger Posted May 14, 2019 Posted May 14, 2019 (edited) Dave, I'm still seeing "Not Secure" in Google Chrome for the message board. I am seeing it for the modelcars.com site. I believe Gregg has that set up on GoDaddy, as are the NNL East family sites. I was able to easily do it in their C Server environment as you have. Isn't the message board on another company's server "Envision Communities"? They may need to do that change over. Edited May 14, 2019 by Tom Geiger
Rob Hall Posted May 14, 2019 Posted May 14, 2019 (edited) I see it in the browsers if I go to http://www.modelcarsmag.com/forums, not seeing it with https urls (such as https://modelcarsmag.com or https://www.modelcarsmag.com/forums). I think you need to set up a web server http redirect to the https url. Edited May 14, 2019 by Rob Hall
Dave Ambrose Posted May 15, 2019 Posted May 15, 2019 On 5/14/2019 at 12:58 AM, Rob Hall said: I see it in the browsers if I go to http://www.modelcarsmag.com/forums, not seeing it with https urls (such as https://modelcarsmag.com or https://www.modelcarsmag.com/forums). I think you need to set up a web server http redirect to the https url. Expand Yup. Was working on that today. Turns out to be more complicated than I’d like it to be.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now