Forum 'Not secure'

[sp_cs]

Getting the msg below in my browser window - anyone else?

This is in Chrome

[widebody911]

Yes

Chrome is starting to be more "alarmist" about sites using http vs https https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl

In this day and age, there's not reason sites should not be using https. This forum doesn't have much in the way of sensitive information, other than your login, so it's not a big deal, but still. Since they've never fixed the spammy "trackback" BS I imagine that security is not high on their "to do" list.

[sp_cs]

Thank you - i had no idea it was still http, especially as you say, login credentials could be exposed.

[Admin at Pelican Parts]

Https is active, but we haven't circled back and redirected anything on the server yet.

I'll kick this up in priority.. the irony is we have to jump through so many security hoops that forum maintenance items need to be scheduled a week out.

-Chris

[sp_cs]

Thanks Chris

[GH85Carrera]

Yea, I noticed that myself yesterday. If I close Firefox and come back it is ok for a while and goes back to unsecure.

[John Rogers]

You have to remember that HTTPS is not good for much as it covers the "wire" from the exit of the server to your home connection or router. It can easily be broken and places such as NSA can listen to your forum chat entries so even if we have users who are afraid to type the word GUN as they might get arrested or other bad things the website's application server can be hacked into or the data base server hacked into especially if using a free database such as MySQL or even worse your home router if you don't change your encryption key often or never! HTTPS will slow things down somewhat as there are more 1's and 0's the CPU has to process to get the latest query about if a user should get an appointment with a brain doctor due to dizzy spells?


Soooo the best thing is to use a "trash password" that is used no where else and keep an eye on your email inbox for phishing emails and change your home router key frequently!

[Admin at Pelican Parts]

Also--just in case it crosses anyone's mind--there is no link between our ecommerce site and this forum. The servers are literally located miles apart and operate on completely independent platforms (which is part of the reason why we're dragging our feet on the https rollout).

[tabs]

Quote:

Originally Posted by John Rogers

You have to remember that HTTPS is not good for much as it covers the "wire" from the exit of the server to your home connection or router. It can easily be broken and places such as NSA can listen to your forum chat entries so even if we have users who are afraid to type the word GUN as they might get arrested or other bad things the website's application server can be hacked into or the data base server hacked into especially if using a free database such as MySQL or even worse your home router if you don't change your encryption key often or never! HTTPS will slow things down somewhat as there are more 1's and 0's the CPU has to process to get the latest query about if a user should get an appointment with a brain doctor due to dizzy spells?


Soooo the best thing is to use a "trash password" that is used no where else and keep an eye on your email inbox for phishing emails and change your home router key frequently!

How did you know I was getting dizzy spells??????