News:

Poll time! Cast your votes for the best stegosaur toys, the best ceratopsoid toys (excluding Triceratops), and the best allosauroid toys (excluding Allosaurus) of all time! Some of the polls have been reset to include some recent releases, so please vote again, even if you voted previously.

Main Menu

Disclaimer: links to Ebay.com and Amazon.com on the Dinosaur Toy Forum are often affiliate links, when you make purchases through these links we may make a commission.

avatar_mgaguilar

Insecure Connection to DTF

Started by mgaguilar, April 07, 2018, 07:22:41 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions

mgaguilar

April 07, 2018, 07:22:41 AM
I know I probably shouldn't be worried about this, but I was wondering why this site doesn't have a valid security certificate?
It's one of the only sites I visit regularly that does not have one. Not that I have any sensitive information on it.
I have a ton of adware blockers and such installed on my browser, but I am usually pretty careful. Is it necessary to be so on this site?

DinoToyForum

#1
April 07, 2018, 11:18:47 AM Last Edit: April 07, 2018, 11:19:19 AM by dinotoyforum
HTTPS and SSL encrypt data while it is being transferred. Since the forum does not gather sensitive data (e.g. credit card details), such security isn't necessary.

That said, I am considering converting the forum to https, simply to avoid the warning message, which no doubt must scare off some visitors. If it was easy (and free) to do, I would do it immediately. I'm a one man band, remember.

As a general precaution, make sure your forum password is unique (don't use the same password for multiple sites) and don't put sensitive information (like credit card details) in private messages. Otherwise, there is no need for concern.

Stuckasaurus (Dino Dad Reviews)

#2
April 07, 2018, 01:55:17 PM
Thanks for this. I've only recently started seeing this message, so I'd wondered if something had changed.

DinoToyForum

#3
April 07, 2018, 02:31:45 PM Last Edit: April 07, 2018, 02:35:05 PM by dinotoyforum
Quote from: Stuckasaurus on April 07, 2018, 01:55:17 PM
Thanks for this. I've only recently started seeing this message, so I'd wondered if something had changed.

Maybe your browser or its settings have been updated?

DinoToyForum

#4
April 07, 2018, 02:41:49 PM
Quick question, do those of you receiving this message also encounter it when visiting the Dinosaur Toy Blog?

mgaguilar

#5
April 07, 2018, 04:46:41 PM
Quote from: dinotoyforum on April 07, 2018, 02:41:49 PM
Quick question, do those of you receiving this message also encounter it when visiting the Dinosaur Toy Blog?

Yes, following the link from this site, it does appear DTB is the same way.

Thanks for the response. And HUGE respect for you to be organizing this by yourself. Absolutely fantastic work.

Sim

#6
January 16, 2019, 11:49:49 PM
I've been unable to access my own computer for a little while now, and I just visited the forum for the first time since, using a different computer.  When I went to log in, I received the following message: "This connection is not secure.  Logins entered here could be compromised."

avatar_DinoToyForum @dinotoyforum, I'm guessing what you've said in the quote below applies to the situation I encountered when trying to log in?

Quote from: dinotoyforum on April 07, 2018, 11:18:47 AM
HTTPS and SSL encrypt data while it is being transferred. Since the forum does not gather sensitive data (e.g. credit card details), such security isn't necessary.

That said, I am considering converting the forum to https, simply to avoid the warning message, which no doubt must scare off some visitors. If it was easy (and free) to do, I would do it immediately. I'm a one man band, remember.

As a general precaution, make sure your forum password is unique (don't use the same password for multiple sites) and don't put sensitive information (like credit card details) in private messages. Otherwise, there is no need for concern.

SidB

#7
January 17, 2019, 12:35:39 AM
I also receive the "insecure connection," which, while a bit off-putting, doesn't stop me from logging in. "Damn the torpedoes, full speed ahead," I guess.

DinoToyForum

#8
January 17, 2019, 01:11:38 AM
Quote from: Sim on January 16, 2019, 11:49:49 PM
I've been unable to access my own computer for a little while now, and I just visited the forum for the first time since, using a different computer.  When I went to log in, I received the following message: "This connection is not secure.  Logins entered here could be compromised."

avatar_DinoToyForum @dinotoyforum, I'm guessing what you've said in the quote below applies to the situation I encountered when trying to log in?

Quote from: dinotoyforum on April 07, 2018, 11:18:47 AM
HTTPS and SSL encrypt data while it is being transferred. Since the forum does not gather sensitive data (e.g. credit card details), such security isn't necessary.

That said, I am considering converting the forum to https, simply to avoid the warning message, which no doubt must scare off some visitors. If it was easy (and free) to do, I would do it immediately. I'm a one man band, remember.

As a general precaution, make sure your forum password is unique (don't use the same password for multiple sites) and don't put sensitive information (like credit card details) in private messages. Otherwise, there is no need for concern.

Exactly. It is just your browser recognising that this site is http and not https when you sign in.

DinoToyForum

#9
January 17, 2019, 01:13:20 AM
Quote from: SidB on January 17, 2019, 12:35:39 AM
I also receive the "insecure connection," which, while a bit off-putting, doesn't stop me from logging in. "Damn the torpedoes, full speed ahead," I guess.

What's the worst that can happen?

Sim

#10
January 18, 2019, 10:43:51 PM
Thanks for your reply avatar_DinoToyForum @dinotoyforumS @SidB, thanks for sharing your experience of it, it's helpful.

Gothmog the Baryonyx

#11
February 09, 2019, 06:37:02 PM
I've been wanting to say this for a while, so apologies if its insensitive.

If your connection is insecure, why don't you try to reassure it and tell it how much better it is than any other connection?
Megalosaurus, Iguanodon, Archaeopteryx, Cetiosaurus, Compsognathus, Hadrosaurus, Brontosaurus, Tyrannosaurus, Triceratops, Albertosaurus, Herrerasaurus, Stenonychosaurus, Deinonychus, Maiasaura, Carnotaurus, Baryonyx, Argentinosaurus, Sinosauropteryx, Microraptor, Citipati, Mei, Tianyulong, Kulindadromeus, Zhenyuanlong, Yutyrannus, Borealopelta, Caihong

BRONSON

#12
February 09, 2019, 08:05:45 PM
I am not worried about the government or aliens watching this site and content at all, I am safe my tinfoil hat ensures that.

Shonisaurus

#13
February 10, 2019, 12:07:35 AM
For me, the web pages I visit can be seen by the national and international governmental authorities. In my case I have a clear conscience.

DinoToyForum

#14
February 10, 2019, 12:17:24 PM
Quote from: Gothmog the Baryonyx on February 09, 2019, 06:37:02 PM
I've been wanting to say this for a while, so apologies if its insensitive.

If your connection is insecure, why don't you try to reassure it and tell it how much better it is than any other connection?

;D Good idea.

stargatedalek

#15
March 11, 2020, 04:27:03 PM
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

DinoToyForum

#16
March 11, 2020, 10:29:06 PM Last Edit: March 11, 2020, 10:30:56 PM by dinotoyforum
Quote from: stargatedalek on March 11, 2020, 04:27:03 PM
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

This site isn't set up for https so using that in the URL won't do anything. Firefox and maybe other browsers will flag this site because it sees the data input fields and worries that it may be a scam site using those fields to harvest sensitive data - credit cards and useful passwords. But 1. The site is legit - you know this even if Firefox doesn't, so there is nothing to worry about. And 2. The fields are for username and password only. So, if you're worried about this site being hacked, make sure your password is unique. Then, in the unlikely worst case scenario that the site security is hacked and then the password encryption is subsequently hacked, all the hackers will have are some useless passwords. Nothing to worry about, believe me.  :)

Since this isn't a server issue, I'll move it to a different existing thread on this topic...  C:-)

DinoToyForum

#17
March 11, 2020, 10:35:20 PM
By the way, thanks for flagging it. I really do need to set up https, even though http is perfectly fine for a site like this, just to stop these warning messages appearing.  ::)

stargatedalek

#18
March 11, 2020, 10:39:38 PM
Quote from: dinotoyforum on March 11, 2020, 10:29:06 PM
Quote from: stargatedalek on March 11, 2020, 04:27:03 PM
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

This site isn't set up for https so using that in the URL won't do anything. Firefox and maybe other browsers will flag this site because it sees the data input fields and worries that it may be a scam site using those fields to harvest sensitive data - credit cards and useful passwords. But 1. The site is legit - you know this even if Firefox doesn't, so there is nothing to worry about. And 2. The fields are for username and password only. So, if you're worried about this site being hacked, make sure your password is unique. Then, in the unlikely worst case scenario that the site security is hacked and then the password encryption is subsequently hacked, all the hackers will have are some useless passwords. Nothing to worry about, believe me.  :)

Since this isn't a server issue, I'll move it to a different existing thread on this topic...  C:-)
Fair enough. The issue of an insecure site is always about third parties, a site has everything you send to it anyway so it's not about Firefox thinking the DTF itself isn't trustworthy.

DinoToyForum

#19
March 11, 2020, 10:45:34 PM
Quote from: stargatedalek on March 11, 2020, 10:39:38 PM
Quote from: dinotoyforum on March 11, 2020, 10:29:06 PM
Quote from: stargatedalek on March 11, 2020, 04:27:03 PM
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

This site isn't set up for https so using that in the URL won't do anything. Firefox and maybe other browsers will flag this site because it sees the data input fields and worries that it may be a scam site using those fields to harvest sensitive data - credit cards and useful passwords. But 1. The site is legit - you know this even if Firefox doesn't, so there is nothing to worry about. And 2. The fields are for username and password only. So, if you're worried about this site being hacked, make sure your password is unique. Then, in the unlikely worst case scenario that the site security is hacked and then the password encryption is subsequently hacked, all the hackers will have are some useless passwords. Nothing to worry about, believe me.  :)

Since this isn't a server issue, I'll move it to a different existing thread on this topic...  C:-)
Fair enough. The issue of an insecure site is always about third parties, a site has everything you send to it anyway so it's not about Firefox thinking the DTF itself isn't trustworthy.

Firefox isn't thinking that, it is just saying that it can't guarantee this site is trustworthy. It sees the data input fields, it sees that the site is http and not https, and thinks "ooh, hello, I can't guarantee this isn't a scam site, I better warn the user just in case".

Support the Dinosaur Toy Forum by making dino-purchases through these links to Ebay and Amazon. Disclaimer: these links are affiliate links, so when you make purchases through them we may make a commission.

Print
Go Up Pages1 2
User actions