You can support the Dinosaur Toy Forum by making dino-purchases through these links to Ebay and Amazon. Disclaimer: these and other links to Ebay.com and Amazon.com on the Dinosaur Toy Forum are often affiliate links, so when you make purchases through them we may make a commission.

avatar_mgaguilar

Insecure Connection to DTF

Started by mgaguilar, April 07, 2018, 07:22:41 AM

Previous topic - Next topic

mgaguilar

I know I probably shouldn't be worried about this, but I was wondering why this site doesn't have a valid security certificate?
It's one of the only sites I visit regularly that does not have one. Not that I have any sensitive information on it.
I have a ton of adware blockers and such installed on my browser, but I am usually pretty careful. Is it necessary to be so on this site?



DinoToyForum

#1
HTTPS and SSL encrypt data while it is being transferred. Since the forum does not gather sensitive data (e.g. credit card details), such security isn't necessary.

That said, I am considering converting the forum to https, simply to avoid the warning message, which no doubt must scare off some visitors. If it was easy (and free) to do, I would do it immediately. I'm a one man band, remember.

As a general precaution, make sure your forum password is unique (don't use the same password for multiple sites) and don't put sensitive information (like credit card details) in private messages. Otherwise, there is no need for concern.



Stuckasaurus (Dino Dad Reviews)

Thanks for this. I've only recently started seeing this message, so I'd wondered if something had changed.

DinoToyForum

#3
Quote from: Stuckasaurus on April 07, 2018, 01:55:17 PM
Thanks for this. I've only recently started seeing this message, so I'd wondered if something had changed.

Maybe your browser or its settings have been updated?



DinoToyForum

Quick question, do those of you receiving this message also encounter it when visiting the Dinosaur Toy Blog?



mgaguilar

Quote from: dinotoyforum on April 07, 2018, 02:41:49 PM
Quick question, do those of you receiving this message also encounter it when visiting the Dinosaur Toy Blog?

Yes, following the link from this site, it does appear DTB is the same way.

Thanks for the response. And HUGE respect for you to be organizing this by yourself. Absolutely fantastic work.

Sim

I've been unable to access my own computer for a little while now, and I just visited the forum for the first time since, using a different computer.  When I went to log in, I received the following message: "This connection is not secure.  Logins entered here could be compromised."

avatar_DinoToyForum @dinotoyforum, I'm guessing what you've said in the quote below applies to the situation I encountered when trying to log in?

Quote from: dinotoyforum on April 07, 2018, 11:18:47 AM
HTTPS and SSL encrypt data while it is being transferred. Since the forum does not gather sensitive data (e.g. credit card details), such security isn't necessary.

That said, I am considering converting the forum to https, simply to avoid the warning message, which no doubt must scare off some visitors. If it was easy (and free) to do, I would do it immediately. I'm a one man band, remember.

As a general precaution, make sure your forum password is unique (don't use the same password for multiple sites) and don't put sensitive information (like credit card details) in private messages. Otherwise, there is no need for concern.

Amazon ad:

SidB

I also receive the "insecure connection," which, while a bit off-putting, doesn't stop me from logging in. "Damn the torpedoes, full speed ahead," I guess.

DinoToyForum

Quote from: Sim on January 16, 2019, 11:49:49 PM
I've been unable to access my own computer for a little while now, and I just visited the forum for the first time since, using a different computer.  When I went to log in, I received the following message: "This connection is not secure.  Logins entered here could be compromised."

avatar_DinoToyForum @dinotoyforum, I'm guessing what you've said in the quote below applies to the situation I encountered when trying to log in?

Quote from: dinotoyforum on April 07, 2018, 11:18:47 AM
HTTPS and SSL encrypt data while it is being transferred. Since the forum does not gather sensitive data (e.g. credit card details), such security isn't necessary.

That said, I am considering converting the forum to https, simply to avoid the warning message, which no doubt must scare off some visitors. If it was easy (and free) to do, I would do it immediately. I'm a one man band, remember.

As a general precaution, make sure your forum password is unique (don't use the same password for multiple sites) and don't put sensitive information (like credit card details) in private messages. Otherwise, there is no need for concern.

Exactly. It is just your browser recognising that this site is http and not https when you sign in.



DinoToyForum

Quote from: SidB on January 17, 2019, 12:35:39 AM
I also receive the "insecure connection," which, while a bit off-putting, doesn't stop me from logging in. "Damn the torpedoes, full speed ahead," I guess.

What's the worst that can happen?



Sim

Thanks for your reply avatar_DinoToyForum @dinotoyforumS @SidB, thanks for sharing your experience of it, it's helpful.

Gothmog the Baryonyx

I've been wanting to say this for a while, so apologies if its insensitive.

If your connection is insecure, why don't you try to reassure it and tell it how much better it is than any other connection?
Megalosaurus, Iguanodon, Archaeopteryx, Cetiosaurus, Compsognathus, Hadrosaurus, Brontosaurus, Tyrannosaurus, Triceratops, Albertosaurus, Herrerasaurus, Stenonychosaurus, Deinonychus, Maiasaura, Carnotaurus, Baryonyx, Argentinosaurus, Sinosauropteryx, Microraptor, Citipati, Mei, Tianyulong, Kulindadromeus, Zhenyuanlong, Yutyrannus, Borealopelta, Caihong

BRONSON

I am not worried about the government or aliens watching this site and content at all, I am safe my tinfoil hat ensures that.


Shonisaurus

For me, the web pages I visit can be seen by the national and international governmental authorities. In my case I have a clear conscience.

DinoToyForum

Quote from: Gothmog the Baryonyx on February 09, 2019, 06:37:02 PM
I've been wanting to say this for a while, so apologies if its insensitive.

If your connection is insecure, why don't you try to reassure it and tell it how much better it is than any other connection?

;D Good idea.



stargatedalek

Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

DinoToyForum

#16
Quote from: stargatedalek on March 11, 2020, 04:27:03 PM
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

This site isn't set up for https so using that in the URL won't do anything. Firefox and maybe other browsers will flag this site because it sees the data input fields and worries that it may be a scam site using those fields to harvest sensitive data - credit cards and useful passwords. But 1. The site is legit - you know this even if Firefox doesn't, so there is nothing to worry about. And 2. The fields are for username and password only. So, if you're worried about this site being hacked, make sure your password is unique. Then, in the unlikely worst case scenario that the site security is hacked and then the password encryption is subsequently hacked, all the hackers will have are some useless passwords. Nothing to worry about, believe me.  :)

Since this isn't a server issue, I'll move it to a different existing thread on this topic...  C:-)



DinoToyForum

By the way, thanks for flagging it. I really do need to set up https, even though http is perfectly fine for a site like this, just to stop these warning messages appearing.  ::)



stargatedalek

Quote from: dinotoyforum on March 11, 2020, 10:29:06 PM
Quote from: stargatedalek on March 11, 2020, 04:27:03 PM
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

This site isn't set up for https so using that in the URL won't do anything. Firefox and maybe other browsers will flag this site because it sees the data input fields and worries that it may be a scam site using those fields to harvest sensitive data - credit cards and useful passwords. But 1. The site is legit - you know this even if Firefox doesn't, so there is nothing to worry about. And 2. The fields are for username and password only. So, if you're worried about this site being hacked, make sure your password is unique. Then, in the unlikely worst case scenario that the site security is hacked and then the password encryption is subsequently hacked, all the hackers will have are some useless passwords. Nothing to worry about, believe me.  :)

Since this isn't a server issue, I'll move it to a different existing thread on this topic...  C:-)
Fair enough. The issue of an insecure site is always about third parties, a site has everything you send to it anyway so it's not about Firefox thinking the DTF itself isn't trustworthy.

DinoToyForum

Quote from: stargatedalek on March 11, 2020, 10:39:38 PM
Quote from: dinotoyforum on March 11, 2020, 10:29:06 PM
Quote from: stargatedalek on March 11, 2020, 04:27:03 PM
Firefox is telling me the site is not secure, saying there is a risk of passwords being stolen.
Quote
Parts of the page you are viewing were not encrypted before being transmitted over the internet.
Information sent over the internet without encryption can be seen by other people while it is in transit.

I'm using the https:// rather than www. version already, so this must be happening server side. Is there an easy settings fix for this, or is this a problem with the sites host?

This site isn't set up for https so using that in the URL won't do anything. Firefox and maybe other browsers will flag this site because it sees the data input fields and worries that it may be a scam site using those fields to harvest sensitive data - credit cards and useful passwords. But 1. The site is legit - you know this even if Firefox doesn't, so there is nothing to worry about. And 2. The fields are for username and password only. So, if you're worried about this site being hacked, make sure your password is unique. Then, in the unlikely worst case scenario that the site security is hacked and then the password encryption is subsequently hacked, all the hackers will have are some useless passwords. Nothing to worry about, believe me.  :)

Since this isn't a server issue, I'll move it to a different existing thread on this topic...  C:-)
Fair enough. The issue of an insecure site is always about third parties, a site has everything you send to it anyway so it's not about Firefox thinking the DTF itself isn't trustworthy.

Firefox isn't thinking that, it is just saying that it can't guarantee this site is trustworthy. It sees the data input fields, it sees that the site is http and not https, and thinks "ooh, hello, I can't guarantee this isn't a scam site, I better warn the user just in case".



Disclaimer: links to Ebay and Amazon are affiliate links, so the DinoToyForum may make a commission if you click them.


Amazon ad: