That is just a new firefox thing reporting what it thinks as insecure. (If somebody that has access to your network they could see your password as you sign on if they are looking at raw network traffic.)Richary wrote:Seem to be having problems when it tries to connect to the forums using https.
Using Firefox 52.0 (32-bit)Your connection is not secure
The owner of forum.geocaching.com.au has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
Report Site Issues Here
Online
- Chwiliwr
- 10000 or more caches found
- Posts: 900
- Joined: 10 April 05 10:39 pm
- Location: Leeming Western Australia
Re: Report Site Issues Here
- CraigRat
- 850 or more found!!!
- Posts: 7015
- Joined: 23 August 04 3:17 pm
- Twitter: CraigRat
- Facebook: http://facebook.com/CraigRat
- Location: Launceston, TAS
- Contact:
Re: Report Site Issues Here
The site and forums are not configured for https. It's not improperly configured. It's just NOT configured.
- caughtatwork
- Posts: 17017
- Joined: 17 May 04 12:11 pm
- Location: Melbourne
- Contact:
Re: Report Site Issues Here
We don't do HTTPS.
- Richary
- 8000 or more caches found
- Posts: 4189
- Joined: 04 February 04 10:55 pm
- Location: Waitara, Sydney
Re: Report Site Issues Here
Interesting that tonight was the first time it has complained when I just used my normal bookmark to come here. Must be something new in FF 52.0 which updated today. It was warning me that logins entered weren't secure, so I tried https instead. I will delve into FF settings and see if I need to mark the site as safe or something. And yes I would use Chrome instead like I do on the work machine but there are 2 users of this PC, so it makes sense for us to use different browsers so FF remembers my logins and Chrome can remember hers for things we both use.
Online
- Chwiliwr
- 10000 or more caches found
- Posts: 900
- Joined: 10 April 05 10:39 pm
- Location: Leeming Western Australia
Re: Report Site Issues Here
If you do find something to turn it off please advise in here as I couldn't when I looked.Richary wrote:Interesting that tonight was the first time it has complained when I just used my normal bookmark to come here. Must be something new in FF 52.0 which updated today. It was warning me that logins entered weren't secure, so I tried https instead. I will delve into FF settings and see if I need to mark the site as safe or something. And yes I would use Chrome instead like I do on the work machine but there are 2 users of this PC, so it makes sense for us to use different browsers so FF remembers my logins and Chrome can remember hers for things we both use.
- caughtatwork
- Posts: 17017
- Joined: 17 May 04 12:11 pm
- Location: Melbourne
- Contact:
Re: Report Site Issues Here
Oh, FFS Firefox, stop being so freaken' annoying. This is indeed the age of the nanny state.
https://support.mozilla.org/t5/Protect- ... ta-p/27861
I don't use FF but try this:
https://support.mozilla.org/t5/Protect- ... ta-p/27861
I don't use FF but try this:
There is a hidden preference to turn off the warnings if they really annoy you and you think they'll never be of value.
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste insec and pause while the list is filtered
(3) Double-click the security.insecure_field_warning.contextual.enabled preference to switch the value from true to false
(4) Assume this login could be easily stolen and avoid re-using it on important sites
- Richary
- 8000 or more caches found
- Posts: 4189
- Joined: 04 February 04 10:55 pm
- Location: Waitara, Sydney
Re: Report Site Issues Here
Yes would be much nicer if we could just mark a site as safe. I am at home, there is no man in the middle attacks going to happen. And I hate to think what the new security options FF and Chrome are adding are going to do to me managing the work network. Some of our radios are https only, but on an internal 10.x.x.x address so of course they don't have valid security certificates. At the moment I can ignore that, but sooner or later who knows. We still have a few that use Java as an interface and I already have to go in and manually add that as an exception. You should be able to disable the warnings for a private network.
That said, is there a reason we don't do https and have a certificate (I guess it costs).
That said, is there a reason we don't do https and have a certificate (I guess it costs).
- CraigRat
- 850 or more found!!!
- Posts: 7015
- Joined: 23 August 04 3:17 pm
- Twitter: CraigRat
- Facebook: http://facebook.com/CraigRat
- Location: Launceston, TAS
- Contact:
Re: Report Site Issues Here
There is now a free issuer of SSL certificates (letsencrypt), but it's a bit fiddly to set up (they expire in 3 months and a script mechanism is needed to keep them up to date).
Currently in the too-hard-for-just-now basket, but on the radar.
(I've had chrome warn me in the address bar recently too, doesnt do it all the time though)
Currently in the too-hard-for-just-now basket, but on the radar.
(I've had chrome warn me in the address bar recently too, doesnt do it all the time though)
- caughtatwork
- Posts: 17017
- Joined: 17 May 04 12:11 pm
- Location: Melbourne
- Contact:
Re: Report Site Issues Here
Apart from the password (which you shouldn't be using for any other site), there is no need for SSL. There is nothing secret about passing a request for a cache and the response to the cache coming back unencrypted. It's a level of nanny-ism that shouldn't be tolerated but the tools that are on offer force that upon us.
It's an amount of money per year (probably in the order of $100) and if you forget, well, no site for you. Subdomains need coverage by a wildcard certificate so the wiki and forum would mean we need a wildcard and that's about $400 or so. It's a level of development (that I can't answer) to install and use it.
In it's simplest terms, it's not necessary. Keep your password separate to any other site and as we don't collect CC informarion (PayPal does all of that for us which is why we use it), there is no risk in using this site.
It's an amount of money per year (probably in the order of $100) and if you forget, well, no site for you. Subdomains need coverage by a wildcard certificate so the wiki and forum would mean we need a wildcard and that's about $400 or so. It's a level of development (that I can't answer) to install and use it.
In it's simplest terms, it's not necessary. Keep your password separate to any other site and as we don't collect CC informarion (PayPal does all of that for us which is why we use it), there is no risk in using this site.
Re: Report Site Issues Here
Let's Encrypt provides certificates for free.caughtatwork wrote: It's an amount of money per year (probably in the order of $100) and if you forget, well, no site for you. Subdomains need coverage by a wildcard certificate so the wiki and forum would mean we need a wildcard and that's about $400 or so. It's a level of development (that I can't answer) to install and use it.
All your other arguments are moot too.
Edwin
- caughtatwork
- Posts: 17017
- Joined: 17 May 04 12:11 pm
- Location: Melbourne
- Contact:
Re: Report Site Issues Here
That requires a skill I don't have, so I'll have to leave that to CR.
Re: Report Site Issues Here
Let me know if you need a hand with it.caughtatwork wrote:That requires a skill I don't have, so I'll have to leave that to CR.
Edwin
- caughtatwork
- Posts: 17017
- Joined: 17 May 04 12:11 pm
- Location: Melbourne
- Contact:
Re: Report Site Issues Here
Work with CR, please. Background server stuff is all his.
Re: Report Site Issues Here
I know there is a problem with forum login, not sure if there is an issue with the Message / inbox feature as well, it doesn't seem to sort by newest, making it difficult to find new messages.
BTW is there a timeline for fixing the forum? its quiet difficult opening forum on mobile devices with the current bug.
BTW is there a timeline for fixing the forum? its quiet difficult opening forum on mobile devices with the current bug.
- caughtatwork
- Posts: 17017
- Joined: 17 May 04 12:11 pm
- Location: Melbourne
- Contact:
Re: Report Site Issues Here
It's all part of the same issue.