Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
Prudent to convert this forum to HTTPS for login and rest of forum.
-
- Senior Member
- Posts: 817
- Joined: Fri Oct 17, 2014 8:13 pm
- Location: kingston, ontario, Canada
Prudent to convert this forum to HTTPS for login and rest of forum.
Most of web sites of all kinds have converted to HTTPS for safety and security reason. Why not here?
Cheers, thinkpadcollection
Cheers, thinkpadcollection
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
What are the risks that require this kind of mitigation?
Thinkpad 25 (20K7), T490 (20N3), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
-
- Admin Emeritus
- Posts: 23812
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
If you are that concerned, use an add-on like: HTTPS Everywhere
-
- Senior ThinkPadder
- Posts: 3810
- Joined: Mon May 28, 2012 5:49 am
- Location: Metro Manila, Philippines
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
Normal HTTP login means username and password are transmitted in plaintext (not encrypted), which makes it trivially easy to steal.dr_st wrote:What are the risks that require this kind of mitigation?
Planned Purchase: T480s i5-8350 FHD Touch
Impulse Buy: Thinkpad not named for safety reasons
RIP: X220 4291-C91 X61 7676-A24 760XD-U9E
Impulse Buy: Thinkpad not named for safety reasons
RIP: X220 4291-C91 X61 7676-A24 760XD-U9E
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
Thought as much.axur-delmeria wrote:Normal HTTP login means username and password are transmitted in plaintext (not encrypted), which makes it trivially easy to steal.dr_st wrote:What are the risks that require this kind of mitigation?
I don't use the same password for forums as I do for anything personal/important, for that reason among others.
Isn't there something in the login process itself that makes it transmit only the hash, or something like that? Otherwise you'd think that millions of passwords would be stolen by trivial means in the years before most moved to https.
Thinkpad 25 (20K7), T490 (20N3), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
-
- Senior Member
- Posts: 817
- Joined: Fri Oct 17, 2014 8:13 pm
- Location: kingston, ontario, Canada
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
I thought made this clear, once you go to this forum, it is already in HTTPS website mode means secure website even you are not logged in yet, and therefore login is secure enough already as well. My browser always flag this as insecure every time I log in and the little padlock in front of website address is red cross.
Majority of the websites I visit have implemented HTTPS.
Cheers, thinkpadcollection
Majority of the websites I visit have implemented HTTPS.
Cheers, thinkpadcollection
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
After reading this, I tried https on the site and got a browser warning.
This site has https via a lets encrypt certificate but it is not functioning fully. I recently dealt with a similar problem in a couple of sites of mine that had images and other content being transmitted by http which gets a browser flag these days. Fixing it in one, a Wordpress site, was done by installing a plugin that forced all content to https. The other had an Oscommerce store that just needed a couple of tweaks to the config file. This site needs some tweaking of the https but what needs to be done depends on the software used. It probably won't be that difficult and at worst will take the site offline a short while for maintenance. In my case, it didn't even require any downtime.
This site has https via a lets encrypt certificate but it is not functioning fully. I recently dealt with a similar problem in a couple of sites of mine that had images and other content being transmitted by http which gets a browser flag these days. Fixing it in one, a Wordpress site, was done by installing a plugin that forced all content to https. The other had an Oscommerce store that just needed a couple of tweaks to the config file. This site needs some tweaking of the https but what needs to be done depends on the software used. It probably won't be that difficult and at worst will take the site offline a short while for maintenance. In my case, it didn't even require any downtime.
I've got a T580, 2 W500s, a W520, an X201T, an X220T, an 3 X61Ts, a 15" T60, a 14" T60P, a 15" UXGA T60P, a 15" T42p a W701, and my first Thinkpad, a 770X.
-
- Admin Emeritus
- Posts: 23812
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
The Forum website has now been converted to HTTPS:// thanks to our in-house technician Joe.
This may cause some (or all?) of you to have been logged out.
Before you log in again, you should delete all your forum.thinkpads.com cookies.
For a HOW-TO, see this: https://www.howtogeek.com/111925/delete ... n-windows/
This may cause some (or all?) of you to have been logged out.
Before you log in again, you should delete all your forum.thinkpads.com cookies.
For a HOW-TO, see this: https://www.howtogeek.com/111925/delete ... n-windows/
-
- Sophomore Member
- Posts: 215
- Joined: Fri Aug 10, 2012 9:40 pm
- Location: British Columbia, Canada
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
The https upgrade may have broken Tapatalk compatibility. I can't log in anymore via the app.
Home: L440 | R500 | X120e Server
Work: ThinkPad Yoga 260 | Dell Latitude 5320
Work: ThinkPad Yoga 260 | Dell Latitude 5320
-
- Admin Emeritus
- Posts: 23812
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
I don't have a smartphone, but you may need to change your own phone's Tapatalk link to the Forum, to reflect https://
-
- Senior Member
- Posts: 817
- Joined: Fri Oct 17, 2014 8:13 pm
- Location: kingston, ontario, Canada
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
Confirmed that https is now working here.
Cheers, thinkpadcollection
Cheers, thinkpadcollection
-
- Sophomore Member
- Posts: 215
- Joined: Fri Aug 10, 2012 9:40 pm
- Location: British Columbia, Canada
Re: RE: Re: Prudent to convert this forum to HTTPS for login and rest of forum.
Thanks. I don't think that's a change that users can make, but the app has started to work again in any case.RealBlackStuff wrote:I don't have a smartphone, but you may need to change your own phone's Tapatalk link to the Forum, to reflect https://
Sent from my Passport using Tapatalk
Home: L440 | R500 | X120e Server
Work: ThinkPad Yoga 260 | Dell Latitude 5320
Work: ThinkPad Yoga 260 | Dell Latitude 5320
Re: Prudent to convert this forum to HTTPS for login and rest of forum.
Https working. No more browser flags. I did have to login again which is normal for changing from http to https.
I've got a T580, 2 W500s, a W520, an X201T, an X220T, an 3 X61Ts, a 15" T60, a 14" T60P, a 15" UXGA T60P, a 15" T42p a W701, and my first Thinkpad, a 770X.
Who is online
Users browsing this forum: No registered users and 16 guests