Do any of those browsers show a broken padlock?I just checked in other browsers on mac, and I don't get any warnings for chrome, safari or firefox... no doubt IE will on Windows.
Do any of those browsers show a broken padlock?I just checked in other browsers on mac, and I don't get any warnings for chrome, safari or firefox... no doubt IE will on Windows.
Doesn't sound right to me, either, I wondered why VBulletin now uses https on their forum.
Actually they converted their whole site to Https
It's a little annoying using their site now. Google Chrome always gives me a pop-up asking me if I want to leave their pages... On every page I click within their site.
Actually they converted their whole site to Https
It's a little annoying using their site now. Google Chrome always gives me a pop-up asking me if I want to leave their pages... On every page I click within their site.
often his attitude is not very desirable, but I think he's a great asset to the team.I'm not sure what's worse, them enabling httpS site wide, of the recruitment of Paul M.
I think the only skepticism you are encountering is related to the assertion that running via SSL would have any effect whatsoever upon the attacks you describe, rather than skepticism that the attacks took place or were effective.
Modern CPUs can do SSL encryption in hardware, so there should be little to no performance penalty, but there is a major issue with enabling SSL for an entire forum, and it's related to user-generated content.
If you serve a page with HTTPS, but allow media or image embedding from your users, these resources will almost always come from an HTTP source. This compromises the security of the page, as it allows remote client-side script to run, and therefore most browsers will inform users that the page is attempting to load insecure content and have them confirm their understanding before allowing the HTTP content to load. This can be seriously obstructive to user experience, and may frighten visitors who do not understand why they are receiving the warning.
Yes, you certainly could do that, but why would you? What benefit does SSL actually provide in these instances?What about a proxy?
All external resources URLs could be rewriten to proxy.php?REAL_URL which in turn proxies the real resource. Surely that would increase the load on the server by having to fetch all the external content and serve it with it's own bandwidth but it's one evil or the other. And that could easily be done inside the IMG tag
I am not Pro-SSL, in fact, I would only have the login with SSL. But if someone *really* wanted to move his whole site to https and also wants to get rid of the browser's warnings when you load non-https content in a https page that is one way to go.Yes, you certainly could do that, but why would you? What benefit does SSL actually provide in these instances?
It means that although the main page is HTTPS, it includes content that is not HTTPS. That can happen if even 1 image, css or js resource is served from a non https siteNot very useful if I can't find what it means. Doesn't seem to affect my ability to navigate the site.
To me, that defeats the point of SSL entirely.if someone *really* wanted to move his whole site to https and also wants to get rid of the browser's warnings when you load non-https content in a https page that is one way to go.
I only care about SSL for the encryption, so sniffers on the network cannot get ahold of the username and password (or hash)To me, that defeats the point of SSL entirely.
When someone visits an HTTPS page, they see the lock icon and expect you to have certified the content as bona fide. If you have loaded un-inspected third party content via a proxy in order to remove SSL warnings, you break that trust, as you can not assure your visitors that everything they see on that page is safe and provided by you.
With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.
They've been offering this for a long time, it isn't remotely new at all.Seems even Google is now shifting to SSL: https://encrypted.google.com/ under beta...
It seems Google have encountered the same issues, that none of us here obviously know about yet, that occurred to me and my users, let alone many other websites:
http://www.google.com/support/webse...age=guide.cs&guide=1224171&answer=173733&rd=1
Form data just has nothing to do with it any more... people are intercepting pages between the server and the browser and injecting malicious content... HTTPS, as was stated to myself by server techs, seems to be the only way to stop them doing this.
Now Google are also shifting to HTTPS suddenly, and have outlined why themselves, suddenly I no longer feel so crazy for having to shift my forum to HTTPS on the advice of leading server techs.
We use essential cookies to make this site work, and optional cookies to enhance your experience.