Prudent to convert this forum to HTTPS for login and rest of forum.

thinkpadcollection
Senior Member
Posts: 817
Joined: Fri Oct 17, 2014 8:13 pm
Location: kingston, ontario, Canada

Prudent to convert this forum to HTTPS for login and rest of forum.

#1 Post by thinkpadcollection » Fri Apr 28, 2017 7:26 pm

Most web sites of all kinds have converted to HTTPS for safety and security reasons. Why not here?

Cheers, thinkpadcollection

dr_st
Admin
Posts: 9695
Joined: Sat Oct 29, 2005 6:20 am
Location: Israel

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#2 Post by dr_st » Sat Apr 29, 2017 9:31 am

What are the risks that require this kind of mitigation?
Thinkpad 25 (20K7), T490 (20N3), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad

RealBlackStuff
Admin Emeritus
Posts: 23812
Joined: Mon Sep 18, 2006 5:17 am
Location: Loch Garman, Éire

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#3 Post by RealBlackStuff » Sat Apr 29, 2017 10:17 am

If you are that concerned, use an add-on like: HTTPS Everywhere

axur-delmeria
Senior ThinkPadder
Posts: 3810
Joined: Mon May 28, 2012 5:49 am
Location: Metro Manila, Philippines

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#4 Post by axur-delmeria » Sat Apr 29, 2017 12:39 pm

dr_st wrote: What are the risks that require this kind of mitigation?
Normal HTTP login means username and password are transmitted in plaintext (not encrypted), which makes it trivially easy to steal.
Planned Purchase: T480s i5-8350 FHD Touch
Impulse Buy: Thinkpad not named for safety reasons :lol:
RIP: X220 4291-C91 X61 7676-A24 760XD-U9E :cry:

dr_st
Admin
Posts: 9695
Joined: Sat Oct 29, 2005 6:20 am
Location: Israel

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#5 Post by dr_st » Sat Apr 29, 2017 1:22 pm

axur-delmeria wrote:
dr_st wrote: What are the risks that require this kind of mitigation?
Normal HTTP login means username and password are transmitted in plaintext (not encrypted), which makes it trivially easy to steal.
Thought as much.

I don't use the same password for forums as I do for anything personal/important, for that reason among others.

Isn't there something in the login process itself that makes it transmit only the hash, or something like that? Otherwise you'd think that millions of passwords would be stolen by trivial means in the years before most moved to https.

thinkpadcollection
Senior Member
Posts: 817
Joined: Fri Oct 17, 2014 8:13 pm
Location: kingston, ontario, Canada

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#6 Post by thinkpadcollection » Sun Apr 30, 2017 7:25 pm

I thought I made this clear: once you go to this forum, it is already in HTTPS website mode, meaning a secure website even if you are not logged in yet, and therefore login is secure enough already as well. My browser always flags this as insecure every time I log in, and the little padlock in front of the website address is a red cross.

The majority of the websites I visit have implemented HTTPS.

Cheers, thinkpadcollection

MisterB
Junior Member
Posts: 292
Joined: Wed Oct 26, 2011 7:23 pm
Location: Southwest USA

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#7 Post by MisterB » Sun Apr 30, 2017 8:20 pm

After reading this, I tried https on the site and got a browser warning.

This site has https via a Let's Encrypt certificate but it is not functioning fully. I recently dealt with a similar problem in a couple of sites of mine that had images and other content being transmitted by http, which gets a browser flag these days. Fixing it in one, a WordPress site, was done by installing a plugin that forced all content to https. The other had an osCommerce store that just needed a couple of tweaks to the config file. This site needs some tweaking of the https but what needs to be done depends on the software used. It probably won't be that difficult and at worst will take the site offline a short while for maintenance. In my case, it didn't even require any downtime.
I've got a T580, 2 W500s, a W520, an X201T, an X220T, an 3 X61Ts, a 15" T60, a 14" T60P, a 15" UXGA T60P, a 15" T42p a W701, and my first Thinkpad, a 770X.
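
The mixed-content problem described in the post above (an HTTPS page that still pulls images, scripts or stylesheets over http://) can be found by scanning the served HTML. The following is an added example, not part of the original post or the forum's software; the sample page and the `forum.example` / `cdn.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page: an HTTPS forum page that still references http:// assets.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://forum.example/styles/main.css">
<link rel="canonical" href="http://forum.example/viewtopic.php?t=1">
<script src="https://forum.example/js/app.js"></script>
<script src="http://cdn.example/jquery.js"></script>
</head><body>
<a href="http://other.example/">ordinary link, not a subresource</a>
<img src="http://forum.example/images/smilies/lol.gif" alt=":lol:">
<img src="/images/logo.png">
</body></html>"""

# Browsers block "active" mixed content outright; "passive" content has
# historically loaded but cost the page its padlock.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class MixedContentFinder(HTMLParser):
    """Collects http:// subresources that an HTTPS page would load."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower().split()
        is_link = tag == "link"
        for name, value in attrs:
            url = (value or "").strip()
            if not url.lower().startswith("http://"):
                continue  # https://, relative and protocol-relative URLs are fine
            if (tag, name) in ACTIVE or (is_link and name == "href" and "stylesheet" in rel):
                kind = "active"
            elif (tag, name) in PASSIVE or (is_link and name == "href" and "icon" in rel):
                kind = "passive"
            else:
                continue  # <a href>, rel=canonical etc. are not fetched as subresources
            self.findings.append((self.getpos()[0], kind, tag, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, kind, tag, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: {kind:7} <{tag}> {url}")
```

Each finding is a URL to rewrite to https:// (or to a relative path) in the template or config; URLs embedded in CSS or inserted by scripts are outside what this HTML-only scan sees.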

RealBlackStuff
Admin Emeritus
Posts: 23812
Joined: Mon Sep 18, 2006 5:17 am
Location: Loch Garman, Éire

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#8 Post by RealBlackStuff » Mon May 01, 2017 9:24 am

The Forum website has now been converted to HTTPS:// thanks to our in-house technician Joe.

This may cause some (or all?) of you to have been logged out.

Before you log in again, you should delete all your forum.thinkpads.com cookies.

For a HOW-TO, see this: https://www.howtogeek.com/111925/delete ... n-windows/

Omineca
Sophomore Member
Posts: 215
Joined: Fri Aug 10, 2012 9:40 pm
Location: British Columbia, Canada

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#9 Post by Omineca » Mon May 01, 2017 11:00 am

The https upgrade may have broken Tapatalk compatibility. I can't log in anymore via the app.
Home: L440 | R500 | X120e Server
Work: ThinkPad Yoga 260 | Dell Latitude 5320

RealBlackStuff
Admin Emeritus
Posts: 23812
Joined: Mon Sep 18, 2006 5:17 am
Location: Loch Garman, Éire

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#10 Post by RealBlackStuff » Mon May 01, 2017 11:15 am

I don't have a smartphone, but you may need to change your own phone's Tapatalk link to the Forum, to reflect https://

thinkpadcollection
Senior Member
Posts: 817
Joined: Fri Oct 17, 2014 8:13 pm
Location: kingston, ontario, Canada

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#11 Post by thinkpadcollection » Mon May 01, 2017 6:24 pm

Confirmed that https is now working here.

Cheers, thinkpadcollection

Omineca
Sophomore Member
Posts: 215
Joined: Fri Aug 10, 2012 9:40 pm
Location: British Columbia, Canada

Re: RE: Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#12 Post by Omineca » Mon May 01, 2017 7:43 pm

RealBlackStuff wrote: I don't have a smartphone, but you may need to change your own phone's Tapatalk link to the Forum, to reflect https://
Thanks. I don't think that's a change that users can make, but the app has started to work again in any case.

Sent from my Passport using Tapatalk

MisterB
Junior Member
Posts: 292
Joined: Wed Oct 26, 2011 7:23 pm
Location: Southwest USA

Re: Prudent to convert this forum to HTTPS for login and rest of forum.

#13 Post by MisterB » Tue May 02, 2017 8:22 am

Https working. No more browser flags. I did have to login again which is normal for changing from http to https.
