Jump to content
Model Cars Magazine Forum

Recommended Posts

Posted
7 minutes ago, Rob Hall said:

That's just a message to indicate the site is using HTTP and not HTTPS.  

Since you're in the IT biz, why don't you explain to (probably) a lot of those here who don't know exactly what that means?

Posted (edited)

Long story short, traffic from your browser to and from this website is in the clear (using the http protocol, usually on port 80) and not encrypted (using https which is http with SSL end-to-end encryption and usually on port 443).  Usually not a problem that traffic is in the clear on an information-only site like this, since we aren't buying products on here like on a site like eBay or Amazon.    

I've noticed that most web browsers have been making it more apparent lately if you are on a site that is using http by showing a lock symbol w/ a red slash through it or saying 'Not Secure'.    For example, Firefox shows the lock symbol for this website, while Safari and Chrome say 'Not Sucure' in the title bar.

Edited by Rob Hall
Posted

We’ve made some improvements, but many of the links in the content are not secure, so that also triggers the warning. 

Given the nature of the information on this site, it isn’t a serious problem unless you live someplace where building model cars is illegal. 

Posted
On 4/5/2019 at 10:47 AM, Dave Ambrose said:

Given the nature of the information on this site, it isn’t a serious problem unless you live someplace where building model cars is illegal. 

Username/password will always be a problem, and let's not assume everyone will use a separate username password combo for every web site they sign in to.

Can't we just get a Let's Encrypt cert?  It is free.

Posted

I suspect its more than getting the cert thats involved in making the site secure. Really poor practice to use the same password and user id for multiple sites particularly for banking and other sites that have financial transactions.

Posted

We moved the NNL East and TSSMCC sites, all on one account, to the https server at our service provider.  It costs a bit more. We did so because we kept having to remove bits of malware placed on our sites. No problem since!

Posted
On 5/8/2019 at 10:47 PM, fumi said:

Username/password will always be a problem, and let's not assume everyone will use a separate username password combo for every web site they sign in to.

Can't we just get a Let's Encrypt cert?  It is free.

I'm working on it. In our case, it's more complicated than I'd like it to be. The login information is secured. The passwords are encrypted in the database, and secure connections are used for the login sequence. Some of the content isn't encrypted which, generates the Not Secure warning. 

Posted (edited)
17 minutes ago, Dave Ambrose said:

Problem fixed. You shouldn't see that message any more. Please let me know if you do, and on what page. 

Not sure which message you are referring to, but I still see the 'Not Secure' before the URL on Safari and Chrome.   And the 'this connection is not secure' warning in the username and password fields when logging in on Firefox. 

Edited by Rob Hall
Posted (edited)

Dave, I'm still seeing  "Not Secure" in Google Chrome for the message board.

I am seeing it for the modelcars.com site. I believe Gregg has that set up on GoDaddy, as are the NNL East family sites.  I was able to easily do it in their C Server environment as you have.

Isn't the message board on another company's server "Envision Communities"? They may need to do that change over.

 

Edited by Tom Geiger

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...