+- STD (https://www.superturbodiesel.com/std)
+-- Forum: STD (https://www.superturbodiesel.com/std/forumdisplay.php?fid=17)
+--- Forum: Board Info (https://www.superturbodiesel.com/std/forumdisplay.php?fid=3)
+--- Thread: Request: Allow HTTPS (/showthread.php?tid=2422)
Request: Allow HTTPS - 300SD81 - 03-18-2011
Would it be possible to configure the forum to not redirect from the secure version of a page to the nonsecure version? The invalid certificate is not an issue, only the redirect. We've been having a little firesheep epidemic on campus lately...
RE: Request: Allow HTTPS - larsalan - 03-18-2011
If you use google chrome browser I know there are some extensions that force https.
see
https://chrome.google.com/extensions/detail/kbkgnojednemejclpggpnhlhlhkmfidi
maybe some similar add-ons for firefox
RE: Request: Allow HTTPS - ForcedInduction - 03-19-2011
What is there to secure here?
RE: Request: Allow HTTPS - 300D50 - 03-19-2011
Some firewalls don't block https, so the oldest trick is to use the https "version" f the site.
RE: Request: Allow HTTPS - 300SD81 - 03-19-2011
(03-18-2011, 03:46 PM)larsalan If you use google chrome browser I know there are some extensions that force https.
see
https://chrome.google.com/extensions/detail/kbkgnojednemejclpggpnhlhlhkmfidi
maybe some similar add-ons for firefox
Using it right now, doesn't work very well on all sites.
(03-19-2011, 06:19 AM)ForcedInduction What is there to secure here?
See firesheep. Its going around, and lets people basically log in as you and mess with your accounts, post under them, etc. Not that many people on campus know what this site is, but I'm staying as secure as possible.
RE: Request: Allow HTTPS - winmutt - 03-21-2011
I can do it but the cert will be self signed. Even then if someone can packet sniff you, SSL is hardly going to stop them if they really want your session.
RE: Request: Allow HTTPS - aaa - 03-21-2011
http://www.startssl.com/
Should be able to get a free one for the www subdomain, no?
And yes selfsigned would be an improvement, as long as you can save the cert before you go on an unsafe network you should be good.
RE: Request: Allow HTTPS - 300SD81 - 03-21-2011
Self signed is not a problem, the current one in the server is working, its only the forum software seems to redirect me from the secure to the nonsecure copy all the time, even with the Use HTTPS extension installed.
RE: Request: Allow HTTPS - winmutt - 03-23-2011
(03-21-2011, 05:36 PM)300SD81 Self signed is not a problem, the current one in the server is working, its only the forum software seems to redirect me from the secure to the nonsecure copy all the time, even with the Use HTTPS extension installed.
According to the mybb forums its a "feature". I'll hack a fix in.
-Rolf
RE: Request: Allow HTTPS - winmutt - 03-23-2011
(03-21-2011, 03:12 PM)aaa http://www.startssl.com/
"Google Chrome does not handle client certificate enrollment correctly, please use an alternative browser!"
I'll get the commodo $9/yr cert on payday.