STD STD Board Info Request: Allow HTTPS

Request: Allow HTTPS

Request: Allow HTTPS

 
  • 0 Vote(s) - 0 Average
 
300SD81
GT2559V

187
03-18-2011, 02:45 PM #1
Would it be possible to configure the forum to not redirect from the secure version of a page to the nonsecure version? The invalid certificate is not an issue, only the redirect. We've been having a little firesheep epidemic on campus lately...

Ich liebe meine Autos!

1981 Mercedes-Benz 300SD | 156K Miles | 2nd Owner | EGR Disabled [Removal Pending] | ALDA Removed | Straight Pipes | GT2256V??? | Laser Interceptor | Engine swap over summer, hopefully with GT2256V attached...

1981 Mercedes-Benz 300SD | Odo Stopped at 160K (at least 50K more) | EGR Disabled | ALDA All The Way Out | Straight pipes | FM-870 Remote Start Alarm System | B100 Biodiesel | AC Fixed x2 | Trunk crushed in Sad | Retired to garage.

Excessive speeding? It ain't excessive till I redline!
300SD81
03-18-2011, 02:45 PM #1

Would it be possible to configure the forum to not redirect from the secure version of a page to the nonsecure version? The invalid certificate is not an issue, only the redirect. We've been having a little firesheep epidemic on campus lately...


Ich liebe meine Autos!

1981 Mercedes-Benz 300SD | 156K Miles | 2nd Owner | EGR Disabled [Removal Pending] | ALDA Removed | Straight Pipes | GT2256V??? | Laser Interceptor | Engine swap over summer, hopefully with GT2256V attached...

1981 Mercedes-Benz 300SD | Odo Stopped at 160K (at least 50K more) | EGR Disabled | ALDA All The Way Out | Straight pipes | FM-870 Remote Start Alarm System | B100 Biodiesel | AC Fixed x2 | Trunk crushed in Sad | Retired to garage.

Excessive speeding? It ain't excessive till I redline!

larsalan
Superturbo

1,272
03-18-2011, 03:46 PM #2
If you use google chrome browser I know there are some extensions that force https.
see
https://chrome.google.com/extensions/det...lhlhkmfidi
maybe some similar add-ons for firefox


Rusted out beat down 300d turbo 82' -- RIP
Nice body, tons of ridiculous mechanical issues - 300d turbo 82' /motor 85'
larsalan
03-18-2011, 03:46 PM #2

If you use google chrome browser I know there are some extensions that force https.
see
https://chrome.google.com/extensions/det...lhlhkmfidi
maybe some similar add-ons for firefox


Rusted out beat down 300d turbo 82' -- RIP
Nice body, tons of ridiculous mechanical issues - 300d turbo 82' /motor 85'

ForcedInduction
Banned

3,628
03-19-2011, 06:19 AM #3
What is there to secure here?
ForcedInduction
03-19-2011, 06:19 AM #3

What is there to secure here?

300D50
Graphite Moderator, ala RBMK

775
03-19-2011, 06:25 AM #4
Some firewalls don't block https, so the oldest trick is to use the https "version" f the site.

1990 Power Ram 50 V6 SOHC 24V 6g72

I can be wrong, don't take everything I say as verbatim, please fact-check first.
My posts are my personal opinions and thoughts, unless otherwise noted.
300D50
03-19-2011, 06:25 AM #4

Some firewalls don't block https, so the oldest trick is to use the https "version" f the site.


1990 Power Ram 50 V6 SOHC 24V 6g72

I can be wrong, don't take everything I say as verbatim, please fact-check first.
My posts are my personal opinions and thoughts, unless otherwise noted.

300SD81
GT2559V

187
03-19-2011, 02:07 PM #5
(03-18-2011, 03:46 PM)larsalan If you use google chrome browser I know there are some extensions that force https.
see
https://chrome.google.com/extensions/det...lhlhkmfidi
maybe some similar add-ons for firefox

Using it right now, doesn't work very well on all sites.


(03-19-2011, 06:19 AM)ForcedInduction What is there to secure here?

See firesheep. Its going around, and lets people basically log in as you and mess with your accounts, post under them, etc. Not that many people on campus know what this site is, but I'm staying as secure as possible.

Ich liebe meine Autos!

1981 Mercedes-Benz 300SD | 156K Miles | 2nd Owner | EGR Disabled [Removal Pending] | ALDA Removed | Straight Pipes | GT2256V??? | Laser Interceptor | Engine swap over summer, hopefully with GT2256V attached...

1981 Mercedes-Benz 300SD | Odo Stopped at 160K (at least 50K more) | EGR Disabled | ALDA All The Way Out | Straight pipes | FM-870 Remote Start Alarm System | B100 Biodiesel | AC Fixed x2 | Trunk crushed in Sad | Retired to garage.

Excessive speeding? It ain't excessive till I redline!
300SD81
03-19-2011, 02:07 PM #5

(03-18-2011, 03:46 PM)larsalan If you use google chrome browser I know there are some extensions that force https.
see
https://chrome.google.com/extensions/det...lhlhkmfidi
maybe some similar add-ons for firefox

Using it right now, doesn't work very well on all sites.


(03-19-2011, 06:19 AM)ForcedInduction What is there to secure here?

See firesheep. Its going around, and lets people basically log in as you and mess with your accounts, post under them, etc. Not that many people on campus know what this site is, but I'm staying as secure as possible.


Ich liebe meine Autos!

1981 Mercedes-Benz 300SD | 156K Miles | 2nd Owner | EGR Disabled [Removal Pending] | ALDA Removed | Straight Pipes | GT2256V??? | Laser Interceptor | Engine swap over summer, hopefully with GT2256V attached...

1981 Mercedes-Benz 300SD | Odo Stopped at 160K (at least 50K more) | EGR Disabled | ALDA All The Way Out | Straight pipes | FM-870 Remote Start Alarm System | B100 Biodiesel | AC Fixed x2 | Trunk crushed in Sad | Retired to garage.

Excessive speeding? It ain't excessive till I redline!

winmutt
bitbanger

3,468
03-21-2011, 09:05 AM #6
I can do it but the cert will be self signed. Even then if someone can packet sniff you, SSL is hardly going to stop them if they really want your session.

1987 300D Sturmmachine
1991 300D Nearly Perfect
1985 300D Weekend/Camping/Dog car
1974 L508D Motoroam Monarch "NightMare"
OBK #42
winmutt
03-21-2011, 09:05 AM #6

I can do it but the cert will be self signed. Even then if someone can packet sniff you, SSL is hardly going to stop them if they really want your session.


1987 300D Sturmmachine
1991 300D Nearly Perfect
1985 300D Weekend/Camping/Dog car
1974 L508D Motoroam Monarch "NightMare"
OBK #42

aaa
GT2256V

913
03-21-2011, 03:12 PM #7
http://www.startssl.com/

Should be able to get a free one for the www subdomain, no?

And yes selfsigned would be an improvement, as long as you can save the cert before you go on an unsafe network you should be good.
aaa
03-21-2011, 03:12 PM #7

http://www.startssl.com/

Should be able to get a free one for the www subdomain, no?

And yes selfsigned would be an improvement, as long as you can save the cert before you go on an unsafe network you should be good.

300SD81
GT2559V

187
03-21-2011, 05:36 PM #8
Self signed is not a problem, the current one in the server is working, its only the forum software seems to redirect me from the secure to the nonsecure copy all the time, even with the Use HTTPS extension installed.

Ich liebe meine Autos!

1981 Mercedes-Benz 300SD | 156K Miles | 2nd Owner | EGR Disabled [Removal Pending] | ALDA Removed | Straight Pipes | GT2256V??? | Laser Interceptor | Engine swap over summer, hopefully with GT2256V attached...

1981 Mercedes-Benz 300SD | Odo Stopped at 160K (at least 50K more) | EGR Disabled | ALDA All The Way Out | Straight pipes | FM-870 Remote Start Alarm System | B100 Biodiesel | AC Fixed x2 | Trunk crushed in Sad | Retired to garage.

Excessive speeding? It ain't excessive till I redline!
300SD81
03-21-2011, 05:36 PM #8

Self signed is not a problem, the current one in the server is working, its only the forum software seems to redirect me from the secure to the nonsecure copy all the time, even with the Use HTTPS extension installed.


Ich liebe meine Autos!

1981 Mercedes-Benz 300SD | 156K Miles | 2nd Owner | EGR Disabled [Removal Pending] | ALDA Removed | Straight Pipes | GT2256V??? | Laser Interceptor | Engine swap over summer, hopefully with GT2256V attached...

1981 Mercedes-Benz 300SD | Odo Stopped at 160K (at least 50K more) | EGR Disabled | ALDA All The Way Out | Straight pipes | FM-870 Remote Start Alarm System | B100 Biodiesel | AC Fixed x2 | Trunk crushed in Sad | Retired to garage.

Excessive speeding? It ain't excessive till I redline!

winmutt
bitbanger

3,468
03-23-2011, 09:21 AM #9
(03-21-2011, 05:36 PM)300SD81 Self signed is not a problem, the current one in the server is working, its only the forum software seems to redirect me from the secure to the nonsecure copy all the time, even with the Use HTTPS extension installed.

According to the mybb forums its a "feature". I'll hack a fix in.

-Rolf

1987 300D Sturmmachine
1991 300D Nearly Perfect
1985 300D Weekend/Camping/Dog car
1974 L508D Motoroam Monarch "NightMare"
OBK #42
winmutt
03-23-2011, 09:21 AM #9

(03-21-2011, 05:36 PM)300SD81 Self signed is not a problem, the current one in the server is working, its only the forum software seems to redirect me from the secure to the nonsecure copy all the time, even with the Use HTTPS extension installed.

According to the mybb forums its a "feature". I'll hack a fix in.

-Rolf


1987 300D Sturmmachine
1991 300D Nearly Perfect
1985 300D Weekend/Camping/Dog car
1974 L508D Motoroam Monarch "NightMare"
OBK #42

winmutt
bitbanger

3,468
03-23-2011, 01:12 PM #10
(03-21-2011, 03:12 PM)aaa http://www.startssl.com/

"Google Chrome does not handle client certificate enrollment correctly, please use an alternative browser!"


I'll get the commodo $9/yr cert on payday.

1987 300D Sturmmachine
1991 300D Nearly Perfect
1985 300D Weekend/Camping/Dog car
1974 L508D Motoroam Monarch "NightMare"
OBK #42
winmutt
03-23-2011, 01:12 PM #10

(03-21-2011, 03:12 PM)aaa http://www.startssl.com/

"Google Chrome does not handle client certificate enrollment correctly, please use an alternative browser!"


I'll get the commodo $9/yr cert on payday.


1987 300D Sturmmachine
1991 300D Nearly Perfect
1985 300D Weekend/Camping/Dog car
1974 L508D Motoroam Monarch "NightMare"
OBK #42

 
  • 0 Vote(s) - 0 Average
Users browsing this thread:
 7 Guest(s)
Users browsing this thread:
 7 Guest(s)