Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message

Prudent to convert this forum to HTTPS for login and rest of forum.

Got a question or suggestion about the forum? Ask or comment here, or
PM an admin or moderator.
Post Reply
Message
Author
thinkpadcollection
Senior Member
Senior Member
Posts: 795
Joined: Fri Oct 17, 2014 8:13 pm
Location: kingston, ontario, Canada

Prudent to convert this forum to HTTPS for login and rest of forum.

#1 Post by thinkpadcollection » Fri Apr 28, 2017 7:26 pm

Most of web sites of all kinds have converted to HTTPS for safety and security reason. Why not here?

Cheers, thinkpadcollection

dr_st
Senior ThinkPadder
Senior ThinkPadder
Posts: 7282
Joined: Sat Oct 29, 2005 6:20 am

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#2 Post by dr_st » Sat Apr 29, 2017 9:31 am

What are the risks that require this kind of mitigation?
Current: Thinkpad 25 (20K7), Yoga 14 (20FY), X220 4291-4BG, T410 2537-R46, T60 2007-QPG, T42 2373-F7G
Collectibles: T430s (IPS FHD + Classic Keyboard), X32 (IPS Screen)
Retired: X61 7673-V2V, T60 1952-F76, A31p w/ Ultrabay Numpad

RealBlackStuff
Admin
Admin
Posts: 19008
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA
Contact:

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#3 Post by RealBlackStuff » Sat Apr 29, 2017 10:17 am

If you are that concerned, use an add-on like: HTTPS Everywhere

axur-delmeria
ThinkPadder
ThinkPadder
Posts: 1800
Joined: Mon May 28, 2012 5:49 am
Location: Metro Manila, Philippines

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#4 Post by axur-delmeria » Sat Apr 29, 2017 12:39 pm

dr_st wrote:What are the risks that require this kind of mitigation?
Normal HTTP login means username and password are transmitted in plaintext (not encrypted), which makes it trivially easy to steal.
Daily driver: X220 4291-C91 i7-2620M

Backup: X220 4291-P79 i5-2520M
Toy: X60/s Frankenpad Core Solo U1300
In pieces: two retired but working X61Ts
RIP: 760XD 9546-U9E, X61 T7500
:cry:

dr_st
Senior ThinkPadder
Senior ThinkPadder
Posts: 7282
Joined: Sat Oct 29, 2005 6:20 am

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#5 Post by dr_st » Sat Apr 29, 2017 1:22 pm

axur-delmeria wrote:
dr_st wrote:What are the risks that require this kind of mitigation?
Normal HTTP login means username and password are transmitted in plaintext (not encrypted), which makes it trivially easy to steal.
Thought as much.

I don't use the same password for forums as I do for anything personal/important, for that reason among others.

Isn't there something in the login process itself that makes it transmit only the hash, or something like that? Otherwise you'd think that millions of passwords would be stolen by trivial means in the years before most moved to https.
Current: Thinkpad 25 (20K7), Yoga 14 (20FY), X220 4291-4BG, T410 2537-R46, T60 2007-QPG, T42 2373-F7G
Collectibles: T430s (IPS FHD + Classic Keyboard), X32 (IPS Screen)
Retired: X61 7673-V2V, T60 1952-F76, A31p w/ Ultrabay Numpad

thinkpadcollection
Senior Member
Senior Member
Posts: 795
Joined: Fri Oct 17, 2014 8:13 pm
Location: kingston, ontario, Canada

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#6 Post by thinkpadcollection » Sun Apr 30, 2017 7:25 pm

I thought made this clear, once you go to this forum, it is already in HTTPS website mode means secure website even you are not logged in yet, and therefore login is secure enough already as well. My browser always flag this as insecure every time I log in and the little padlock in front of website address is red cross.

Majority of the websites I visit have implemented HTTPS.

Cheers, thinkpadcollection

MisterB
Junior Member
Junior Member
Posts: 289
Joined: Wed Oct 26, 2011 7:23 pm
Location: Southwest USA

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#7 Post by MisterB » Sun Apr 30, 2017 8:20 pm

After reading this, I tried https on the site and got a browser warning.

This site has https via a lets encrypt certificate but it is not functioning fully. I recently dealt with a similar problem in a couple of sites of mine that had images and other content being transmitted by http which gets a browser flag these days. Fixing it in one, a Wordpress site, was done by installing a plugin that forced all content to https. The other had an Oscommerce store that just needed a couple of tweaks to the config file. This site needs some tweaking of the https but what needs to be done depends on the software used. It probably won't be that difficult and at worst will take the site offline a short while for maintenance. In my case, it didn't even require any downtime.
Currently using: A W500, a W520, two X201Ts, an X220T, an X61T, a 14" T60P, a 15" UXGA T60P, and a W701.
Currently idle: A spare W500, a spare X61T, a 14" T61, a 15" SXGA+ T60, a 14" T60, and my first Thinkpad, a 770X.

RealBlackStuff
Admin
Admin
Posts: 19008
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA
Contact:

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#8 Post by RealBlackStuff » Mon May 01, 2017 9:24 am

The Forum website has now been converted to HTTPS:// thanks to our in-house technician Joe.

This may cause some (or all?) of you to have been logged out.

Before you log in again, you should delete all your forum.thinkpads.com cookies.

For a HOW-TO, see this: https://www.howtogeek.com/111925/delete ... n-windows/

Omineca
Sophomore Member
Posts: 130
Joined: Fri Aug 10, 2012 9:40 pm
Location: British Columbia, Canada

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#9 Post by Omineca » Mon May 01, 2017 11:00 am

The https upgrade may have broken Tapatalk compatibility. I can't log in anymore via the app.
Current: R500 | Yoga 260
Rarely Used: Satellite 2410 | 390X | X120e
Gone: Hyundai 486SX/25 | Satellite T1910 | 365XD | T40 | T42 | R400 | T430 | Latitude 5480

RealBlackStuff
Admin
Admin
Posts: 19008
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA
Contact:

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#10 Post by RealBlackStuff » Mon May 01, 2017 11:15 am

I don't have a smartphone, but you may need to change your own phone's Tapatalk link to the Forum, to reflect https://

thinkpadcollection
Senior Member
Senior Member
Posts: 795
Joined: Fri Oct 17, 2014 8:13 pm
Location: kingston, ontario, Canada

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#11 Post by thinkpadcollection » Mon May 01, 2017 6:24 pm

Confirmed that https is now working here.

Cheers, thinkpadcollection

Omineca
Sophomore Member
Posts: 130
Joined: Fri Aug 10, 2012 9:40 pm
Location: British Columbia, Canada

Re: RE: Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#12 Post by Omineca » Mon May 01, 2017 7:43 pm

RealBlackStuff wrote:I don't have a smartphone, but you may need to change your own phone's Tapatalk link to the Forum, to reflect https://
Thanks. I don't think that's a change that users can make, but the app has started to work again in any case.

Sent from my Passport using Tapatalk
Current: R500 | Yoga 260
Rarely Used: Satellite 2410 | 390X | X120e
Gone: Hyundai 486SX/25 | Satellite T1910 | 365XD | T40 | T42 | R400 | T430 | Latitude 5480

MisterB
Junior Member
Junior Member
Posts: 289
Joined: Wed Oct 26, 2011 7:23 pm
Location: Southwest USA

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#13 Post by MisterB » Tue May 02, 2017 8:22 am

Https working. No more browser flags. I did have to login again which is normal for changing from http to https.
Currently using: A W500, a W520, two X201Ts, an X220T, an X61T, a 14" T60P, a 15" UXGA T60P, and a W701.
Currently idle: A spare W500, a spare X61T, a 14" T61, a 15" SXGA+ T60, a 14" T60, and my first Thinkpad, a 770X.

Post Reply

Return to “Forum Notices, Questions and Suggestions”

Who is online

Users browsing this forum: No registered users and 2 guests