Securing PA with HTTPS
Printed From: Progarchives.com
Category: Site News, Newbies, Help and Improvements
Forum Name: Help us improve the site
Forum Description: Help us improve the forums, and the site as a whole
URL: http://www.progarchives.com/forum/forum_posts.asp?TID=124229
Printed Date: February 21 2025 at 22:57
Software Version: Web Wiz Forums 11.01 - http://www.webwizforums.com
Topic: Securing PA with HTTPS
Posted By: Luis de Sousa
Subject: Securing PA with HTTPS
Date Posted: October 07 2020 at 00:27
|
Hi all, as you may have noticed, every time you log on to PA from Chromium or Firefox, the browser warns you that the site is not secure. This happens because PA still functions on the old HTTP protocol, without encryption. The passwords are sent in clear text to the server and can easily be intercepted. A few more technical details in the post below: https://serverguy.com/ssl/google-forcing-ssl-certificate-websites/ Google and Mozilla have started flagging all websites using the old protocol as insecure a couple of years ago and there are persistent rumors about their browsers will blocking insecure websites altogether in the near future. Is the admin team working to set up HTTPS for PA? Or is there another plan in place? Thank you. ------------- http://attheedgeoftime.blogspot.com/search/label/music" rel="nofollow - Music musings | http://www.last.fm/user/Luis_de_Sousa" rel="nofollow - Last.fm profile |
Replies:
Posted By: DamoXt7942
Date Posted: October 07 2020 at 00:44
Only the Owner M@X can deal with this issue. We Admins cannot do anything, sadly.  ------------- http://www.facebook.com/damoxt7942" rel="nofollow"> 
|
Posted By: chopper
Date Posted: October 07 2020 at 03:16
| Good question. I'm not an expert on internet protocol but there is an https://www.progarchives.com" rel="nofollow - https://www.progarchives.com . |
Posted By: DamoXt7942
Date Posted: October 07 2020 at 03:26
^ Wow ... not realized until now.  ------------- http://www.facebook.com/damoxt7942" rel="nofollow">
|
Posted By: Meltdowner
Date Posted: October 07 2020 at 04:18
|
It only lacks a redirect rule then. M@x could do that in a minute. |
Posted By: Rivertree
Date Posted: October 07 2020 at 04:45
|
yep, I remember problems occuring with the display of rating stars under https seem to have vanished ------------- https://awesomeprog.com/users/Rivertree" rel="nofollow">  |
Posted By: Sean Trane
Date Posted: October 07 2020 at 05:16
TBH, I wonder why he hasn't upgradfed to https years ago. This probably would've avoided the painful craptcha episode. |
DamoXt7942 wrote:Posted By: Luis de Sousa
Date Posted: October 10 2020 at 09:21
That address is currently returning a 522 error (connection timeout). It looks like HTTP is the only thing working at the moment. Thanks for the info in any case. ------------- http://attheedgeoftime.blogspot.com/search/label/music" rel="nofollow - Music musings | http://www.last.fm/user/Luis_de_Sousa" rel="nofollow - Last.fm profile |
Posted By: Shadowyzard
Date Posted: October 10 2020 at 09:29
Prog is meant to be labyrinthine and adventurous. So the lack of security adds the necessary uncanny air to the concept. 
|
Posted By: Vompatti
Date Posted: October 12 2020 at 10:57
| Didn't https at least partly work before the weekend though? I got the "not secure" warning for most but not all of the forum pages but in either case the page loaded fine. |
Posted By: chopper
Date Posted: October 12 2020 at 12:35
I was getting this earlier but it seems to be ok now
|
Posted By: mike.bo
Date Posted: October 12 2020 at 12:41
|
None of our DJs at progrock.com can perform searches or view discographies, and we have staff around the world using many different browsers - Brave, Chrome, Firefox, et al. Everyone is getting Error 522, Connection timed out. It appears to have been broken since Saturday. Just FYI... Regards, mikebo
|
Posted By: I prophesy disaster
Date Posted: October 12 2020 at 13:42
|
I am finding that if I search for an artist on the home page, then click on the discography and reviews link for that artist on the search result page, I get an error 522. However, if I copy the URL underneath the discography and reviews link, past it into the address bar, and change the https to http, it works. ------------- No, I know how to behave in the restaurant now, I don't tear at the meat with my hands. If I've become a man of the world somehow, that's not necessarily to say I'm a worldly man. |
Posted By: Catcher10
Date Posted: October 12 2020 at 22:17
^ Sounds like a lot of unnecessary work to use the website........ -------------   
|
Posted By: Luis de Sousa
Date Posted: October 13 2020 at 08:40
That should not happen. I tried it myself and get the 522 all the same. I suspect your browser is doing something there behind the scenes. The report from Digicert is below. Beyond the 522 it also reports a vulnerability to Heartbleed.  ------------- http://attheedgeoftime.blogspot.com/search/label/music" rel="nofollow - Music musings | http://www.last.fm/user/Luis_de_Sousa" rel="nofollow - Last.fm profile |
Posted By: Meltdowner
Date Posted: October 20 2020 at 05:37
So now the site redirects from https to http  |
Posted By: Catcher10
Date Posted: October 20 2020 at 09:07
-------------
|
Posted By: Vompatti
Date Posted: October 29 2020 at 09:29
|
Posted By: Vompatti
Date Posted: November 24 2020 at 12:45
Regarding http://www.progarchives.com/forum/forum_posts.asp?TID=124668&FID=9&PR=3" rel="nofollow - this , is it really a good idea to change your password now that you're forced to send it over unencrypted? Unless it will be stored as plain text anyway, which wouldn't surprise me. 
|
Posted By: nick_h_nz
Date Posted: November 24 2020 at 13:22
|
That’s exactly why I haven’t bothered changing my password. As long as this site is running on http and not https, then I may as well keep the password I have. Any change to a new one is really no more secure. ------------- https://tinyurl.com/nickhnz-tpa" rel="nofollow - Reviewer for The Progressive Aspect |
Posted By: tempest_77
Date Posted: September 09 2022 at 11:45
|
Reviving this post given the recent redirect issue + my comment on that thread in the bug report forum. ------------- I use they/them pronouns (feel free to ask me about this!) Check out my music on https://tempestsounds.bandcamp.com/" rel="nofollow - my bandcamp ! |
Posted By: M@X
Date Posted: November 12 2022 at 05:42
|
I've activated a SECURE HTTPS protocol , I think it works now. Let me know
------------- Prog On ! |
Posted By: chopper
Date Posted: November 12 2022 at 06:16
| just edited my shortcut, seems to work ok. |
Posted By: M@X
Date Posted: November 12 2022 at 06:24
|
Ok, i might have to tweak a bit more to FORCE the HTTP traffic to HTTPS. I'll post back later about this Tx ------------- Prog On ! |