Skip to main content
Please use HTTPS Started by Joshua Dickerson · · Read 45229 times 0 Members and 1 Guest are viewing this topic. previous topic - next topic

Re: Please use HTTPS

Reply #30

Nah, it uses Telnet! :P
LiveGallery - Simple gallery addon for ElkArte

Re: Please use HTTPS

Reply #31

Quote from: TE – redirect has been enabled ;) Should be fixed within the next few minutes ...
It's not. The problem is related to elkarte.net vs www.elkarte.net. I don't know what the previous behavior was, but it must've been proper. I always type no-www and expect the site to 301 redirect if it wants to (and vice versa from www to no-www!). Anything else is bad website behavior.

1. I go to elkarte.net (not logged in).
2. I click login (link points to www.elkarte.net ?action=login).
3. I'm logged in on www.elkarte.net without being prompted for a password (as expected).

Of course you can replace 2 by just clicking on home or typing www.elkarte.net etc.

Re: Please use HTTPS

Reply #32

Quote from: ahrasis – I noted one page is not fully secure as IchBin avatar url is on non https in here.
@Spuds regarding this, I updated the site with the pull request I sent https://github.com/Spuds/Elk_Image_Cache/pull/2 seems to work, but I'm not sure if I broke anything else... especially because I didn't check if the code here at elk.net was the same as the one in the repo... sorry, I realized only while writing this text and I have already closed the file, so undo is not an option anymore... :'(
 emanuele feels stupid.
Bugs creator.
Features destroyer.
Template killer.

Re: Please use HTTPS

Reply #33

I should be fine  :) I had updated the repo with the change I made for 1.1 final.  Cool work on the avatar update !

Re: Please use HTTPS

Reply #34

Quote from: Frenzie –
Quote from: TE – redirect has been enabled ;) Should be fixed within the next few minutes ...
It's not. The problem is related to elkarte.net vs www.elkarte.net. I don't know what the previous behavior was, but it must've been proper. I always type no-www and expect the site to 301 redirect if it wants to (and vice versa from www to no-www!). Anything else is bad website behavior.

1. I go to elkarte.net (not logged in).
2. I click login (link points to www.elkarte.net ?action=login).
3. I'm logged in on www.elkarte.net without being prompted for a password (as expected).

Of course you can replace 2 by just clicking on home or typing www.elkarte.net etc.
Should be fixed, I've added some code to our index.php (homepage).. Just posting it here so others could benefit from the solution..

Code: [Select]
if (substr($_SERVER['HTTP_HOST'], 0, 4) !== 'www.') {
    header('Location: https://www.'.$_SERVER['HTTP_HOST']);
    exit;
}

Thorsten "TE" Eurich
------------------------

Re: Please use HTTPS

Reply #35

Seems to work okay. Btw, it probably doesn't matter much if at all unless you have really high traffic but doing it on the server ought to be faster: http://www.yes-www.org/redirection/

Re: Please use HTTPS

Reply #37

Cool !
 

Re: Please use HTTPS

Reply #38

QuoteServer Type: nginx/1.2.1
That's quite an old version of nginx.

Re: Please use HTTPS

Reply #40

Yeah, so long it works without any serious vulnerabilities, it should be fine, I think.

Re: Please use HTTPS

Reply #41

I still wonder if HTTPS can be used to sniff out people and control things somehow. Like they do a lot of weird things to ruin the internet these days. I just wonder if there is some Luciferian thing behind it, but know to litte about it.
I use it on my website as well, but I seem to hit into a lot of pages where I am told not to go into because there is an issue - and now FTP seems to have something of the same. Just more work it seems and I still wonder if there is anything that can further help the people who wants to control everything in this world by using HTTPS.
Well at least google are pusing https websites apparently as I understood, giving them preference compared to http sites. Just so anoying when you hit into pages where there is an issue because of it using https. Well... I don't know enough technical things to know if there is any backdoors in this system or not. Maybe some of you more Knowledgeable on that subject know. Sure safety for website and users it is said, but is there anything behind it that can be used to further control users.
It's really sad to see how the internet has become mainstream, like one of the reasons I got my TV out was because of all the propaganda - and now it is all over the internet. Not only is the mainstream nonsense propeganda all over, so is control and censuring.

Re: Please use HTTPS

Reply #42

Actually, https should serve to do quite the opposite. The premise is preventing third party snooping. ;)

Re: Please use HTTPS

Reply #43

Quote from: badmonkey – Actually, https should serve to do quite the opposite. The premise is preventing third party snooping. ;)

Yea, but what I'm thinking, if there is someway a backdoor or hidden agenda behind promoting it.

Re: Please use HTTPS

Reply #44

Quote from: Darkijah –
Quote from: badmonkey – Actually, https should serve to do quite the opposite. The premise is preventing third party snooping. ;)
  
Yea, but what I'm thinking, if there is someway a backdoor or hidden agenda behind promoting it.
 
 Since the alternative is transmitting all information over the wire in plaintext, human readable format, Ima say there is not a hidden agenda. In terms of security it couldn't be any worse than that.

Is there a backdoor? Again Ima say no because high level governments are beginning to push for precisely that, as even they cannot reliably intercept encrypted intel. 

Is it foolproof? Of course not. Information security will always be a cat and mouse game. Each time a hole is discovered, it gets plugged. Then the search is on for a new hole. Repeat ad nauseum.