News:

Poll time! Cast your votes for the best stegosaur toys, the best ceratopsoid toys (excluding Triceratops), and the best allosauroid toys (excluding Allosaurus) of all time! Some of the polls have been reset to include some recent releases, so please vote again, even if you voted previously.

Main Menu

Disclaimer: links to Ebay.com and Amazon.com on the Dinosaur Toy Forum are often affiliate links, when you make purchases through these links we may make a commission.

avatar_mgaguilar

Insecure Connection to DTF

Started by mgaguilar, April 07, 2018, 07:22:41 AM

Previous topic - Next topic

stargatedalek

Quote from: dinotoyforum on March 11, 2020, 10:45:34 PM
Quote from: stargatedalek on March 11, 2020, 10:39:38 PM
Fair enough. The issue of an insecure site is always about third parties, a site has everything you send to it anyway so it's not about Firefox thinking the DTF itself isn't trustworthy.

Firefox isn't thinking that, it is just saying that it can't guarantee this site is trustworthy. It sees the data input fields, it sees that the site is http and not https, and thinks "ooh, hello, I can't guarantee this isn't a scam site, I better warn the user just in case".
That isn't what it told me. It says specifically when I select more information that it sends the warning because "unencrypted data can be read by third parties". If I'm sending data to a website the website can see and read that data anyway. Encryption is to protect third parties from seeing it.


DinoToyForum

Quote from: stargatedalek on March 11, 2020, 11:32:53 PM
Quote from: dinotoyforum on March 11, 2020, 10:45:34 PM
Quote from: stargatedalek on March 11, 2020, 10:39:38 PM
Fair enough. The issue of an insecure site is always about third parties, a site has everything you send to it anyway so it's not about Firefox thinking the DTF itself isn't trustworthy.

Firefox isn't thinking that, it is just saying that it can't guarantee this site is trustworthy. It sees the data input fields, it sees that the site is http and not https, and thinks "ooh, hello, I can't guarantee this isn't a scam site, I better warn the user just in case".
That isn't what it told me. It says specifically when I select more information that it sends the warning because "unencrypted data can be read by third parties". If I'm sending data to a website the website can see and read that data anyway. Encryption is to protect third parties from seeing it.

Please could you send me a screenshot of the warning message?


DinoToyForum

Forum passwords are encrypted by the software, by the way. Encryption is to protect a user from any party seeing it. For example, there is no legitimate way for me, as admin - a 'first party' if you like - to see users passwords. But this is related to software rather than https.



DinoToyForum

#23
I don't want to speak too soon but I think I have successfully set up the site with a SSL certificate and https. We've never needed this since the site is not collecting sensitive data (such as credit card details) but at least the site will no longer be flagged as "not secure" in browsers, which has put some users off in the past. Instead, the url should have a little padlock icon next to it in some browsers.

Also, I think https is important for good search engine rankings.

Anyway, let me know if you encounter any unforeseen problems or changes with the site, which may be related to this security upgrade.


ceratopsian

Oh yes - there is the little padlock now, duly visible.

DinoToyForum



Pliosaurking

Yeah the padlock is visible. Until I read this thread I always wondered why its "not secure". This clears that up at least!

DinoToyForum

Quote from: Pliosaurking on November 21, 2022, 08:51:58 PMYeah the padlock is visible. Until I read this thread I always wondered why its "not secure". This clears that up at least!

I've been wanting to do it for years but couldn't get past some technical barriers. Glad it's finally 'secure'.



Halichoeres

I will now commence posting all my sensitive data.
In the kingdom of the blind, better take public transit. Well, in the kingdom of the sighted, too, really--almost everyone is a terrible driver.

My attempt to find the best toy of every species

My trade/sale/wishlist thread

Sometimes I draw pictures

Support the Dinosaur Toy Forum by making dino-purchases through these links to Ebay and Amazon. Disclaimer: these links are affiliate links, so when you make purchases through them we may make a commission.