Login not secure (over plain HTTP)

Status
This old topic is closed. If you want to reopen this topic, contact a moderator using the "Report Post" button.
Member
Joined 2011
Paid Member
Here is what I see:

_
attachment.php
 

Attachments

  • firefox.png
    firefox.png
    145.6 KB · Views: 257
 

Pano said:
I am also seeing this. We will have the backroom guys have a look at it. Nothing here has changed, as far as I know. Firefox seems to be the change.
Yes they are trying to scare people FOR NO REASON!!!!!



ALL SITES ARE NOT SECURE.... Even with HTTPS,the elite can still see everything!!

I hate firefox,always have...... DONT LISTEN TO THIER SCARE TACTICS PLEASE GUYS!!


One VBB site I am on does have an HTTPS layer so if ppl want to use HTTPS they can (And the site stays in an HTTPS session) but they dont force it because it causes all kinds of connection problems for older browsers,etc........... (Unless RC4 is enabled)
 
Last edited:
Administrator
Joined 2004
Paid Member
Any site that does not use https seems to generate this warning IMLE with the latest version of FF. They should allow you to turn off this nag through the options dialog but they don't. They could have been cleverer and just flashed green for https and yellow for http. The fact that it seems to be less and less compatible with a lot of the web based tools I use at work in particular is forcing me back to microsoft.
 
You can easily disable it in Firefox 52.
(1) type about:config into the navigation bar.
(2) accept the risk
(3) search for the preference security.insecure_field_warning.contextual.enabled
(4) double-click on it to change the value to false
(5) restart Firefox.

The warning will be gone.
 
Ya I did like firefox V1.5 but it went downhill FAST and now is just over bloated garbage and its sad........ A program go from something SO GOOD to crap. (Although the same thing happend with MyIE -- It was a gorgeous IE Wrapper and became crap (Last version of "MyIE2" is the last good version (Before name change to Maxthon))
 
Invalid certificate?

I dug a bit further. If one attempts to login securely (i.e. https://www.diyaudio...etc.), more information appears. Firefox finds an invalid security certificate, apparently an unfinished dummy, based on the data (company = "My Company", expiration date 2010). Could this have anything to do with Firefox throwing the warning?


"www.diyaudio.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is not valid for the name www.diyaudio.com. The certificate expired on Saturday, January 9, 2010 5:15 AM. The current time is Wednesday, April 5, 2017 10:29 PM. Error code: SEC_ERROR_UNKNOWN_ISSUER"

A screenshot of the certificate data is attached.
 

Attachments

  • diyaudio_certificate.jpg
    diyaudio_certificate.jpg
    34.9 KB · Views: 113
Just another Moderator
Joined 2003
Paid Member
The site has never had https it has always been insecure.

Just a word of advice for anyone using any internet service. Do NOT use the same password everywhere. Especially do not use a password that you use for secure transactions, eg paypal, banking, whatever on any other site!!

You should consider any site you login to with http (does not show the little padlock beside the url) as being completely insecure and those login details easily captured.

Tony.
 
Switches things on and off again
Joined 2000
Paid Member
FYI, we'll be upgrading to HTTPS in the near future. A lot has changed since the site was set up initially, and IIRC we didn't bake in HTTPS to our Apache config in order to help keep the site as fast as possible and take encryption load off the server. That's not really a consideration these days, so we'll definitely implement HTTPS as soon as we get a chance.
 
 

Jason said:
FYI, we'll be upgrading to HTTPS in the near future. A lot has changed since the site was set up initially, and IIRC we didn't bake in HTTPS to our Apache config in order to help keep the site as fast as possible and take encryption load off the server. That's not really a consideration these days, so we'll definitely implement HTTPS as soon as we get a chance.
Please dont force it Jason...

Some browsers will not be able to directly connect if you only allow HTTPS.... Its not needed on a site like this!!!!

cellar.org has an HTTPS layer but they also allow http:// for those who cant or dont want to use HTTPS there........
 
FYI, we'll be upgrading to HTTPS in the near future. A lot has changed since the site was set up initially, and IIRC we didn't bake in HTTPS to our Apache config in order to help keep the site as fast as possible and take encryption load off the server. That's not really a consideration these days, so we'll definitely implement HTTPS as soon as we get a chance.
Any update on this?
 
Status
This old topic is closed. If you want to reopen this topic, contact a moderator using the "Report Post" button.