Author Topic: FORUM CHANGE: HTTPS Secure only access  (Read 1946 times)

0 Members and 1 Guest are viewing this topic.

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31346
  • Country: au
    • EEVblog
FORUM CHANGE: HTTPS Secure only access
« on: May 24, 2019, 03:17:49 am »
Shortly we'll be changing the forum to force everyone to use a secure https connection.
I get far too many people complaining about the lack of security on the forum (even though they have the option to use https), and I think it's prudent that we enable all connection to be secure.
I realise there are some who needed/wanted an unsecure http access, but I think that doesn't outweigh the importance of security for all by default.

So you may have to log out and back in or something, I'm not sure.

If there are any issues please let us know.

Thanks
 
The following users thanked this post: madires, bitwelder, 3roomlab, xrunner, thm_w, boffin, TheSteve, bitseeker, ChunkyPastaSauce, ansonbao, Mick

Offline gnif

  • Administrator
  • *****
  • Posts: 1160
  • Country: au
Re: FORUM CHANGE: HTTPS Secure only access
« Reply #1 on: May 24, 2019, 03:37:25 am »
It's been done :)

Nobody should need to re-login.
HostFission - Full Server Monitoring and Management Solutions.
https://hostfission.com/
https://twitter.com/HostFission

Note: I am NOT a moderator or arbiter of disputes, my Admin level of access is so that I can perform management of the server on behalf of Dave. Do not contact me over such issues
 
The following users thanked this post: EEVblog, boffin, bitseeker, ChunkyPastaSauce, sokoloff, Andrew McNamara

Offline bitseeker

  • Super Contributor
  • ***
  • Posts: 8534
  • Country: us
  • Lots of engineer-tweakable parts inside!
Re: FORUM CHANGE: HTTPS Secure only access
« Reply #2 on: May 24, 2019, 04:48:37 am »
I've been using the secure connection since it became optionally available. Works great. Still working.
I TEA.
 

Offline Brumby

  • Supporter
  • ****
  • Posts: 10027
  • Country: au
Re: FORUM CHANGE: HTTPS Secure only access
« Reply #3 on: May 24, 2019, 05:08:55 am »
I've been using the secure connection since it became optionally available. Works great. Still working.

Same here.

Just checked it.  Previously, I could switch between http and https and the URLs would continue as whichever one I had entered.  Now it reverts to https straight away.

As above, I haven't had any problems.
 

Offline TheDefpom

  • Frequent Contributor
  • **
  • Posts: 307
  • Country: nz
  • YouTuber Nerd
    • The Defpom's Channel
Re: FORUM CHANGE: HTTPS Secure only access
« Reply #4 on: May 24, 2019, 08:09:59 am »
Secure connections should be transparent if the server is correctly configured, using htaccess redirects etc.

I’ve not had any issues when swapping over to https in any of my sites, so expect the forum to be fine too as long as the server is automatically redirecting correctly.

Offline Towger

  • Super Contributor
  • ***
  • Posts: 1577
  • Country: ie
Re: FORUM CHANGE: HTTPS Secure only access
« Reply #5 on: May 24, 2019, 08:36:26 am »
The forum is no longer working with Tapatalk.  There are no error messages being returned, just the wait icon spinning.
It may require the url registered with Tapatalk changed to start with https://

How secure is TLS 1.2 anyway? 
« Last Edit: May 24, 2019, 08:48:56 am by Towger »
 

Offline ChunkyPastaSauce

  • Supporter
  • ****
  • Posts: 537
  • Country: 00
Re: FORUM CHANGE: HTTPS Secure only access
« Reply #6 on: May 24, 2019, 10:28:24 am »
I've been using the secure connection since it became optionally available. Works great. Still working.

Same here.

Just checked it.  Previously, I could switch between http and https and the URLs would continue as whichever one I had entered.  Now it reverts to https straight away.

Since related, https://www.eff.org/https-everywhere
Automatically forces https connections if possible
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31346
  • Country: au
    • EEVblog
Re: FORUM CHANGE: HTTPS Secure only access
« Reply #7 on: May 24, 2019, 11:39:14 am »
The forum is no longer working with Tapatalk.  There are no error messages being returned, just the wait icon spinning.
It may require the url registered with Tapatalk changed to start with https://

Try now.
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31346
  • Country: au
    • EEVblog
Re: FORUM CHANGE: HTTPS Secure only access
« Reply #8 on: May 24, 2019, 11:59:29 am »
The forum is no longer working with Tapatalk.  There are no error messages being returned, just the wait icon spinning.
It may require the url registered with Tapatalk changed to start with https://

Try now.
Posting from tapatalk

Sent from my HMA-L29 using Tapatalk

 

Offline Towger

  • Super Contributor
  • ***
  • Posts: 1577
  • Country: ie
Re: FORUM CHANGE: HTTPS Secure only access
« Reply #9 on: May 24, 2019, 12:14:55 pm »
Tapatalk is working again. Restarted phone as well, but not sure that was needed.
 

Offline JustMeHere

  • Frequent Contributor
  • **
  • Posts: 266
  • Country: us
Re: FORUM CHANGE: HTTPS Secure only access
« Reply #10 on: September 24, 2019, 05:39:08 am »
Hey Dave, I don't see the HSTS header.  It might be a good idea to turn that on.  It makes the browser "know" it should use HTTPS.  A browser which has been to your site before will automatically use HTTPS and the redirect is not used.  The redirect is still needed, but this stops bookmarks from having the wrong mode saved.

You should have a header like the one below:

strict-transport-security: max-age=31536000;includeSubDomain

Here's some more detail:
https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it/

This is important if you take online payments.  It should also help you score a bit higher on SEO.

 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf