Gun store Shooting Locations It is currently Thu Mar 28, 2024 6:01 pm



Rules WGO Chat Room Gear Rent Me Shield NRA SAF CCKRBA
Calendar




Reply to topic  [ 19 posts ]  Go to page 1, 2  Next
 Connection not private 
Author Message
Site Supporter
User avatar
Site Supporter

Location: Marysville, WA
Joined: Fri Jul 22, 2011
Posts: 11581
Real Name: Mike
Seems like I'm getting a new message in my browser command line when I log in to this site. To be fair some others as well.

I get an "i" in a "circle" where the "http" used to be. When I click on the circled "i" it tells me that my connection is not private.

Any ideas? I've read that it may have to do with the security certificate of the site and even that my pc's clock is set wrong. Clock is set automatically via net so I doubt that. Curious.

I'm now running Win 10 Anniversary edition with all it's updates and patches to date. Don't see any errors like this when I use "Edge", just Chrome.

_________________
"I've learned from the Dog that an afternoon nap is a good thing"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"For he to-day that sheds his blood with me
Shall be my brother
" - William Shakespeare


Fri Sep 23, 2016 11:24 am
Profile
Site Admin
User avatar
Site Admin

Location: Olympia, WA
Joined: Fri Mar 11, 2011
Posts: 38292
Real Name: Dan
We are not running HTTPS protocol, yet.


Fri Sep 23, 2016 11:30 am
Profile WWW
Site Supporter
User avatar
Site Supporter

Location: Marysville, WA
Joined: Fri Jul 22, 2011
Posts: 11581
Real Name: Mike
I'm one of those that has to consult with a grand kid in order to understand a lot about computers :bigsmile:

I could have sworn that in the past the command line used to start with http:// (without the "s") just before the "www.xxxxxx"

Just recently noticed that I now see the circled "i" which called my attention to the non private connection. Perhaps Google has made a change???

_________________
"I've learned from the Dog that an afternoon nap is a good thing"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"For he to-day that sheds his blood with me
Shall be my brother
" - William Shakespeare


Fri Sep 23, 2016 12:00 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Olympia
Joined: Sat Oct 29, 2011
Posts: 16044
Real Name: Steve
Massivedesign wrote:
We are not running HTTPS protocol, yet.


Great. Now the NSA can spy on us.

_________________
"I won't insult your intelligence by suggesting that you really believe what you just said." - William Buckley, Jr.

"...steam, artillery and revolvers give to civilized man an irresistible power." -Perry Collins


Fri Sep 23, 2016 12:01 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Snohomish County
Joined: Tue Feb 21, 2012
Posts: 1146
This is a change that Google has made in their Chrome browser in order to push https to be the default protocol on the internet.

The ONLY change that has occurred is to the browser. No security vulnerability has been detected or exposed, it just means that your connection is unencrypted. Don't use the same password you do here for any other sites.


It would be nice for SSL to be enabled.


Fri Sep 23, 2016 12:08 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Marysville, WA
Joined: Fri Jul 22, 2011
Posts: 11581
Real Name: Mike
lunacite wrote:
This is a change that Google has made in their Chrome browser in order to push https to be the default protocol on the internet.



Maybe they're doing it so they don't get the same "hack" as Yahoo.


Anyway, thanks for the explanation.

_________________
"I've learned from the Dog that an afternoon nap is a good thing"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"For he to-day that sheds his blood with me
Shall be my brother
" - William Shakespeare


Fri Sep 23, 2016 1:06 pm
Profile
Site Moderator
User avatar
Site Moderator

Location: Marysville
Joined: Thu Mar 22, 2012
Posts: 13477
Real Name: Mike
Wait...are you saying I wasn't supposed to enter my social security#, bank account #'s, and mother's maiden name when I logged in?

_________________
Licensed/Bonded/Insured Hardwood Floor Installer/Finisher http://www.hardwoodfloorsnw.com/


Fri Sep 23, 2016 1:11 pm
Profile
Site Admin
User avatar
Site Admin

Location: Olympia, WA
Joined: Fri Mar 11, 2011
Posts: 38292
Real Name: Dan
Not SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it setup to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:


Fri Sep 23, 2016 1:38 pm
Profile WWW
Site Supporter
User avatar
Site Supporter

Location: Olympia
Joined: Sat Oct 29, 2011
Posts: 16044
Real Name: Steve
What about just using HTTPS Everywhere? https://www.eff.org/Https-Everywhere

I use and it's pretty nice.

_________________
"I won't insult your intelligence by suggesting that you really believe what you just said." - William Buckley, Jr.

"...steam, artillery and revolvers give to civilized man an irresistible power." -Perry Collins


Fri Sep 23, 2016 1:46 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Tri -Cities
Joined: Thu May 23, 2013
Posts: 2798
Real Name: David
kf7mjf wrote:
Massivedesign wrote:
We are not running HTTPS protocol, yet.


Great. Now the NSA can spy on us.

Hahaha, like a little "s" is going to stop the NSA. Silly writers write silly things :D


Fri Sep 23, 2016 2:31 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Olympia
Joined: Sat Oct 29, 2011
Posts: 16044
Real Name: Steve
So says the NSA mole.

_________________
"I won't insult your intelligence by suggesting that you really believe what you just said." - William Buckley, Jr.

"...steam, artillery and revolvers give to civilized man an irresistible power." -Perry Collins


Fri Sep 23, 2016 2:45 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Tri -Cities
Joined: Thu May 23, 2013
Posts: 2798
Real Name: David
kf7mjf wrote:
So says the NSA mole.

I'm pretty sure I'd be a bad NSA mole. Saying the NSA isn't stopped by a bit of encryption is not something they would be spreading around.


Fri Sep 23, 2016 2:54 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Olympia
Joined: Sat Oct 29, 2011
Posts: 16044
Real Name: Steve
That's what you want us to believe!

_________________
"I won't insult your intelligence by suggesting that you really believe what you just said." - William Buckley, Jr.

"...steam, artillery and revolvers give to civilized man an irresistible power." -Perry Collins


Fri Sep 23, 2016 2:55 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Stanwood
Joined: Sun Mar 11, 2012
Posts: 1920
Real Name: Chris
Massivedesign wrote:
Not SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it setup to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:


Just FYI you could probably find a plug in that hashes the login info before it sends it to the server. That might be more trouble than https though. Just be aware that if you happen to login to waguns.org using open unencrypted WiFi you're sending your login info in clear text that can be easily intercepted. If you use the same password on this site that you do others you can open yourself up to other trouble.


Fri Sep 23, 2016 4:59 pm
Profile
Site Supporter
User avatar
Site Supporter

Location: Snohomish County
Joined: Tue Feb 21, 2012
Posts: 1146
Massivedesign wrote:
Not SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it setup to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:



You should be able to use nginx as a reverse proxy to serve the same content on port 443 with https encrypting the session. https://letsencrypt.org/ has made this remarkably easy.


Fri Sep 23, 2016 9:01 pm
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 19 posts ]  Go to page 1, 2  Next

Who is online

Users browsing this forum: No registered users and 38 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum



Rules WGO Chat Room Gear Rent Me NRA SAF CCKRBA
Calendar


Powered by phpBB® Forum Software © phpBB Group
Designed by ST Software for PTF.
[ Time : 0.990s | 17 Queries | GZIP : Off ]