Securing PA with HTTPS

Luis de Sousa | Forum Senior Member | Joined: April 17 2008 | Location: Wageningen | Status: Offline | Points: 160
Posted: October 07 2020 at 00:27

Hi all, as you may have noticed, every time you log on to PA from Chromium or Firefox, the browser warns you that the site is not secure. This happens because PA still functions on the old HTTP protocol, without encryption. The passwords are sent in clear text to the server and can easily be intercepted. A few more technical details in the post below:

https://serverguy.com/ssl/google-forcing-ssl-certificate-websites/

Google and Mozilla started flagging all websites using the old protocol as insecure a couple of years ago, and there are persistent rumors that their browsers will block insecure websites altogether in the near future.

Is the admin team working to set up HTTPS for PA? Or is there another plan in place?

Thank you.

DamoXt7942 | Special Collaborator | Joined: October 15 2008 | Location: Okayama, Japan | Status: Offline | Points: 17493

Only the Owner M@X can deal with this issue. We Admins cannot do anything, sadly.

chopper | Special Collaborator | Honorary Collaborator | Joined: July 13 2005 | Location: Essex, UK | Status: Offline | Points: 20032

Good question. I'm not an expert on internet protocol but there is an https://www.progarchives.com.

DamoXt7942 | Special Collaborator | Joined: October 15 2008 | Location: Okayama, Japan | Status: Offline | Points: 17493

^ Wow ... not realized until now.

Meltdowner | Special Collaborator | Honorary Collaborator | Joined: June 25 2013 | Location: Portugal | Status: Offline | Points: 10273

It only lacks a redirect rule then. M@x could do that in a minute.

Rivertree | Special Collaborator | Honorary Collaborator / Band Submissions | Joined: March 22 2006 | Location: Germany | Status: Offline | Points: 17650

yep, I remember problems occurring with the display of rating stars under https
seem to have vanished

Sean Trane | Special Collaborator | Prog Folk | Joined: April 29 2004 | Location: Heart of Europe | Status: Offline | Points: 20414

TBH, I wonder why he hasn't upgraded to https years ago. This probably would've avoided the painful craptcha episode.

Luis de Sousa | Forum Senior Member | Joined: April 17 2008 | Location: Wageningen | Status: Offline | Points: 160

That address is currently returning a 522 error (connection timeout). It looks like HTTP is the only thing working at the moment. Thanks for the info in any case.

Shadowyzard | Forum Senior Member | Joined: February 24 2020 | Location: Davutlar | Status: Offline | Points: 4506

Prog is meant to be labyrinthine and adventurous. So the lack of security adds the necessary uncanny air to the concept.

Vompatti | Forum Senior Member | VIP Member | Joined: October 22 2005 | Location: elsewhere | Status: Offline | Points: 67451

Didn't https at least partly work before the weekend though? I got the "not secure" warning for most but not all of the forum pages but in either case the page loaded fine.

chopper | Special Collaborator | Honorary Collaborator | Joined: July 13 2005 | Location: Essex, UK | Status: Offline | Points: 20032

I was getting this earlier but it seems to be ok now

mike.bo | Forum Newbie | Joined: October 11 2020 | Location: Chicago | Status: Offline | Points: 1

None of our DJs at progrock.com can perform searches or view discographies, and we have staff around the world using many different browsers - Brave, Chrome, Firefox, et al. Everyone is getting Error 522, Connection timed out. It appears to have been broken since Saturday. Just FYI...
Regards, mikebo
Edited by mike.bo - October 12 2020 at 12:48

I prophesy disaster | Forum Senior Member | Joined: December 31 2017 | Location: Australia | Status: Offline | Points: 4918

I am finding that if I search for an artist on the home page, then click on the discography and reviews link for that artist on the search result page, I get an error 522. However, if I copy the URL underneath the discography and reviews link, paste it into the address bar, and change the https to http, it works.

No, I know how to behave in the restaurant now, I don't tear at the meat with my hands. If I've become a man of the world somehow, that's not necessarily to say I'm a worldly man.

Catcher10 | Forum Senior Member | VIP Member | Joined: December 23 2009 | Location: Emerald City | Status: Offline | Points: 17966

^ Sounds like a lot of unnecessary work to use the website........

Luis de Sousa | Forum Senior Member | Joined: April 17 2008 | Location: Wageningen | Status: Offline | Points: 160

That should not happen. I tried it myself and get the 522 all the same. I suspect your browser is doing something there behind the scenes. The report from Digicert is below. Beyond the 522 it also reports a vulnerability to Heartbleed.

Meltdowner | Special Collaborator | Honorary Collaborator | Joined: June 25 2013 | Location: Portugal | Status: Offline | Points: 10273

So now the site redirects from https to http

Vompatti | Forum Senior Member | VIP Member | Joined: October 22 2005 | Location: elsewhere | Status: Offline | Points: 67451

Regarding this, is it really a good idea to change your password now that you're forced to send it over unencrypted? Unless it will be stored as plain text anyway, which wouldn't surprise me.

nick_h_nz | Collaborator | Prog Metal / Heavy Prog Team | Joined: March 01 2013 | Location: Suffolk, UK | Status: Offline | Points: 6737

That’s exactly why I haven’t bothered changing my password. As long as this site is running on http and not https, then I may as well keep the password I have. Any change to a new one is really no more secure.