Author Topic: Insecure Connection to DTF  (Read 1838 times)

mgaguilar

  • Hero member
  • *****
  • Posts: 557
  • Beginning the Collection. California, USA.
    • View Profile
  • Dinosaur: Tyrannosaurus rex
Insecure Connection to DTF
« on: April 07, 2018, 07:22:41 AM »
I know I probably shouldn't be worried about this, but I was wondering why this site doesn't have a valid security certificate?
It's one of the only sites I visit regularly that does not have one. Not that I have any sensitive information on it.
I have a ton of adware blockers and such installed on my browser, but I am usually pretty careful. Is it necessary to be so on this site?



dinotoyforum

  • Dr Admin
  • Administrator
  • Ultimate survivor
  • *****
  • Posts: 6743
  • Boy, do I hate being right all the time!
    • View Profile
    • The Dinosaur Toy Blog
  • Dinosaur: Rhomaleosaurus
  • v.1 status and posts: Admin (3,739 posts)
Re: Insecure Connection to DTF
« Reply #1 on: April 07, 2018, 11:18:47 AM »
HTTPS and SSL encrypt data while it is being transferred. Since the forum does not gather sensitive data (e.g. credit card details), such security isn't necessary.

That said, I am considering converting the forum to https, simply to avoid the warning message, which no doubt must scare off some visitors. If it was easy (and free) to do, I would do it immediately. I'm a one man band, remember.

As a general precaution, make sure your forum password is unique (don't use the same password for multiple sites) and don't put sensitive information (like credit card details) in private messages. Otherwise, there is no need for concern.
« Last Edit: April 07, 2018, 11:19:19 AM by dinotoyforum »


Stuckasaurus

  • Precambrian survivor
  • ******
  • Posts: 752
  • DinoDadReviews.com
    • View Profile
    • Dino Dad Reviews
  • Dinosaur: Allosaurus
Re: Insecure Connection to DTF
« Reply #2 on: April 07, 2018, 01:55:17 PM »
Thanks for this. I've only recently started seeing this message, so I'd wondered if something had changed.

dinotoyforum

  • Dr Admin
  • Administrator
  • Ultimate survivor
  • *****
  • Posts: 6743
  • Boy, do I hate being right all the time!
    • View Profile
    • The Dinosaur Toy Blog
  • Dinosaur: Rhomaleosaurus
  • v.1 status and posts: Admin (3,739 posts)
Re: Insecure Connection to DTF
« Reply #3 on: April 07, 2018, 02:31:45 PM »
Thanks for this. I've only recently started seeing this message, so I'd wondered if something had changed.

Maybe your browser or its settings have been updated?
« Last Edit: April 07, 2018, 02:35:05 PM by dinotoyforum »


dinotoyforum

  • Dr Admin
  • Administrator
  • Ultimate survivor
  • *****
  • Posts: 6743
  • Boy, do I hate being right all the time!
    • View Profile
    • The Dinosaur Toy Blog
  • Dinosaur: Rhomaleosaurus
  • v.1 status and posts: Admin (3,739 posts)
Re: Insecure Connection to DTF
« Reply #4 on: April 07, 2018, 02:41:49 PM »
Quick question, do those of you receiving this message also encounter it when visiting the Dinosaur Toy Blog?


mgaguilar

  • Hero member
  • *****
  • Posts: 557
  • Beginning the Collection. California, USA.
    • View Profile
  • Dinosaur: Tyrannosaurus rex
Re: Insecure Connection to DTF
« Reply #5 on: April 07, 2018, 04:46:41 PM »
Quick question, do those of you receiving this message also encounter it when visiting the Dinosaur Toy Blog?

Yes, following the link from this site, it does appear DTB is the same way.

Thanks for the response. And HUGE respect for you to be organizing this by yourself. Absolutely fantastic work.

Sim

  • Permian survivor
  • ************
  • Posts: 2294
    • View Profile
  • Dinosaur: Velociraptor mongoliensis
Re: Insecure Connection to DTF
« Reply #6 on: January 16, 2019, 11:49:49 PM »
I've been unable to access my own computer for a little while now, and I just visited the forum for the first time since, using a different computer.  When I went to log in, I received the following message: "This connection is not secure.  Logins entered here could be compromised."

@dinotoyforum, I'm guessing what you've said in the quote below applies to the situation I encountered when trying to log in?

HTTPS and SSL encrypt data while it is being transferred. Since the forum does not gather sensitive data (e.g. credit card details), such security isn't necessary.

That said, I am considering converting the forum to https, simply to avoid the warning message, which no doubt must scare off some visitors. If it was easy (and free) to do, I would do it immediately. I'm a one man band, remember.

As a general precaution, make sure your forum password is unique (don't use the same password for multiple sites) and don't put sensitive information (like credit card details) in private messages. Otherwise, there is no need for concern.

SidB

  • Cambrian survivor
  • *******
  • Posts: 1085
    • View Profile
Re: Insecure Connection to DTF
« Reply #7 on: January 17, 2019, 12:35:39 AM »
I also receive the "insecure connection," which, while a bit off-putting, doesn't stop me from logging in. "Damn the torpedoes, full speed ahead," I guess.

dinotoyforum

  • Dr Admin
  • Administrator
  • Ultimate survivor
  • *****
  • Posts: 6743
  • Boy, do I hate being right all the time!
    • View Profile
    • The Dinosaur Toy Blog
  • Dinosaur: Rhomaleosaurus
  • v.1 status and posts: Admin (3,739 posts)
Re: Insecure Connection to DTF
« Reply #8 on: January 17, 2019, 01:11:38 AM »
I've been unable to access my own computer for a little while now, and I just visited the forum for the first time since, using a different computer.  When I went to log in, I received the following message: "This connection is not secure.  Logins entered here could be compromised."

@dinotoyforum, I'm guessing what you've said in the quote below applies to the situation I encountered when trying to log in?

HTTPS and SSL encrypt data while it is being transferred. Since the forum does not gather sensitive data (e.g. credit card details), such security isn't necessary.

That said, I am considering converting the forum to https, simply to avoid the warning message, which no doubt must scare off some visitors. If it was easy (and free) to do, I would do it immediately. I'm a one man band, remember.

As a general precaution, make sure your forum password is unique (don't use the same password for multiple sites) and don't put sensitive information (like credit card details) in private messages. Otherwise, there is no need for concern.

Exactly. It is just your browser recognising that this site is http and not https when you sign in.


dinotoyforum

  • Dr Admin
  • Administrator
  • Ultimate survivor
  • *****
  • Posts: 6743
  • Boy, do I hate being right all the time!
    • View Profile
    • The Dinosaur Toy Blog
  • Dinosaur: Rhomaleosaurus
  • v.1 status and posts: Admin (3,739 posts)
Re: Insecure Connection to DTF
« Reply #9 on: January 17, 2019, 01:13:20 AM »
I also receive the "insecure connection," which, while a bit off-putting, doesn't stop me from logging in. "Damn the torpedoes, full speed ahead," I guess.

What's the worst that can happen?


Sim

  • Permian survivor
  • ************
  • Posts: 2294
    • View Profile
  • Dinosaur: Velociraptor mongoliensis
Re: Insecure Connection to DTF
« Reply #10 on: January 18, 2019, 10:43:51 PM »
Thanks for your reply @dinotoyforum@SidB, thanks for sharing your experience of it, it's helpful.

Gothmog the Baryonyx

  • Hero member
  • *****
  • Posts: 721
    • View Profile
  • Dinosaur: Baryonyx walkeri
Re: Insecure Connection to DTF
« Reply #11 on: February 09, 2019, 06:37:02 PM »
I've been wanting to say this for a while, so apologies if its insensitive.

If your connection is insecure, why don't you try to reassure it and tell it how much better it is than any other connection?
Megalosaurus, Iguanodon, Archaeopteryx, Cetiosaurus, Compsognathus, Hadrosaurus, Brontosaurus, Tyrannosaurus, Triceratops, Albertosaurus, Stenonychosaurus, Deinonychus, Maiasaura, Carnotaurus, Baryonyx, Argentinosaurus, Sinosauropteryx, Microraptor, Citipati, Mei, Tianyulong, Kulndadromeus, Zhenyuanlong, Yutyrannus, Borealopelta, Halzskaraptor, Caihong

BRONSON

  • Full member
  • ***
  • Posts: 133
    • View Profile
  • Dinosaur: Carcharacoles Angustidens
Re: Insecure Connection to DTF
« Reply #12 on: February 09, 2019, 08:05:45 PM »
I am not worried about the government or aliens watching this site and content at all, I am safe my tinfoil hat ensures that.

Shonisaurus

  • Ultimate survivor
  • ***********************
  • Posts: 8626
    • View Profile
Re: Insecure Connection to DTF
« Reply #13 on: February 10, 2019, 12:07:35 AM »
For me, the web pages I visit can be seen by the national and international governmental authorities. In my case I have a clear conscience.

dinotoyforum

  • Dr Admin
  • Administrator
  • Ultimate survivor
  • *****
  • Posts: 6743
  • Boy, do I hate being right all the time!
    • View Profile
    • The Dinosaur Toy Blog
  • Dinosaur: Rhomaleosaurus
  • v.1 status and posts: Admin (3,739 posts)
Re: Insecure Connection to DTF
« Reply #14 on: February 10, 2019, 12:17:24 PM »
I've been wanting to say this for a while, so apologies if its insensitive.

If your connection is insecure, why don't you try to reassure it and tell it how much better it is than any other connection?

 ;D Good idea.


stargatedalek

  • Holocene survivor
  • **********************
  • Posts: 4875
  • Kawaii in the streets, and everywhere else I hope.
    • View Profile
  • Dinosaur: Fratercula arctica
Re: Insecure Connection to DTF
« Reply #15 on: March 11, 2020, 04:27:03 PM »
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

dinotoyforum

  • Dr Admin
  • Administrator
  • Ultimate survivor
  • *****
  • Posts: 6743
  • Boy, do I hate being right all the time!
    • View Profile
    • The Dinosaur Toy Blog
  • Dinosaur: Rhomaleosaurus
  • v.1 status and posts: Admin (3,739 posts)
Re: Insecure Connection to DTF
« Reply #16 on: March 11, 2020, 10:29:06 PM »
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

This site isn't set up for https so using that in the URL won't do anything. Firefox and maybe other browsers will flag this site because it sees the data input fields and worries that it may be a scam site using those fields to harvest sensitive data - credit cards and useful passwords. But 1. The site is legit - you know this even if Firefox doesn't, so there is nothing to worry about. And 2. The fields are for username and password only. So, if you're worried about this site being hacked, make sure your password is unique. Then, in the unlikely worst case scenario that the site security is hacked and then the password encryption is subsequently hacked, all the hackers will have are some useless passwords. Nothing to worry about, believe me.  :)

Since this isn't a server issue, I'll move it to a different existing thread on this topic...  C:-)
« Last Edit: March 11, 2020, 10:30:56 PM by dinotoyforum »


dinotoyforum

  • Dr Admin
  • Administrator
  • Ultimate survivor
  • *****
  • Posts: 6743
  • Boy, do I hate being right all the time!
    • View Profile
    • The Dinosaur Toy Blog
  • Dinosaur: Rhomaleosaurus
  • v.1 status and posts: Admin (3,739 posts)
Re: Insecure Connection to DTF
« Reply #17 on: March 11, 2020, 10:35:20 PM »
By the way, thanks for flagging it. I really do need to set up https, even though http is perfectly fine for a site like this, just to stop these warning messages appearing.  ::)


stargatedalek

  • Holocene survivor
  • **********************
  • Posts: 4875
  • Kawaii in the streets, and everywhere else I hope.
    • View Profile
  • Dinosaur: Fratercula arctica
Re: Insecure Connection to DTF
« Reply #18 on: March 11, 2020, 10:39:38 PM »
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

This site isn't set up for https so using that in the URL won't do anything. Firefox and maybe other browsers will flag this site because it sees the data input fields and worries that it may be a scam site using those fields to harvest sensitive data - credit cards and useful passwords. But 1. The site is legit - you know this even if Firefox doesn't, so there is nothing to worry about. And 2. The fields are for username and password only. So, if you're worried about this site being hacked, make sure your password is unique. Then, in the unlikely worst case scenario that the site security is hacked and then the password encryption is subsequently hacked, all the hackers will have are some useless passwords. Nothing to worry about, believe me.  :)

Since this isn't a server issue, I'll move it to a different existing thread on this topic...  C:-)
Fair enough. The issue of an insecure site is always about third parties, a site has everything you send to it anyway so it's not about Firefox thinking the DTF itself isn't trustworthy.

dinotoyforum

  • Dr Admin
  • Administrator
  • Ultimate survivor
  • *****
  • Posts: 6743
  • Boy, do I hate being right all the time!
    • View Profile
    • The Dinosaur Toy Blog
  • Dinosaur: Rhomaleosaurus
  • v.1 status and posts: Admin (3,739 posts)
Re: Insecure Connection to DTF
« Reply #19 on: March 11, 2020, 10:45:34 PM »
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

This site isn't set up for https so using that in the URL won't do anything. Firefox and maybe other browsers will flag this site because it sees the data input fields and worries that it may be a scam site using those fields to harvest sensitive data - credit cards and useful passwords. But 1. The site is legit - you know this even if Firefox doesn't, so there is nothing to worry about. And 2. The fields are for username and password only. So, if you're worried about this site being hacked, make sure your password is unique. Then, in the unlikely worst case scenario that the site security is hacked and then the password encryption is subsequently hacked, all the hackers will have are some useless passwords. Nothing to worry about, believe me.  :)

Since this isn't a server issue, I'll move it to a different existing thread on this topic...  C:-)
Fair enough. The issue of an insecure site is always about third parties, a site has everything you send to it anyway so it's not about Firefox thinking the DTF itself isn't trustworthy.

Firefox isn't thinking that, it is just saying that it can't guarantee this site is trustworthy. It sees the data input fields, it sees that the site is http and not https, and thinks "ooh, hello, I can't guarantee this isn't a scam site, I better warn the user just in case".