Jump to content

Security Warning


Recommended Posts

Posted

FYI, I'm receiving the following warning in FF52.0 when logging in:

 

warning.png

Posted

Hi this happens for me also. It is due to not being able to connect to a HTTPS connection like: https://www.cadtutor.net

Without HTTPS it is easy to intercept the login details. For example on a WiFi hotspot. However to get https you need to pay more money.

It is standard practice for website with login requirements to have a HTTPS connection to secure the details of its users. And is my belief that this website should be HTTPS for logged in users.

Posted
However to get https you need to pay more money.

It is standard practice for website with login requirements to have a HTTPS connection to secure the details of its users. And is my belief that this website should be HTTPS for logged in users.

 

Care to make a donation for this?

Posted

No security warnings here using Google Chrome.

  • Dislike 1
Posted

no security warnings here site works fine with google chrome also

Posted

I just posted about this on another thread:

 

There was a bit of an issue last week when Firefox updated to v52 and started blocking 'insecure' HTTP sites.

 

It's a new 'security' feature in Firefox.

https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861

 

However for some reason it was blocking logins, and automatic form filling, on all vBulletin (and Xenforo) based forums (didn't matter if they were HTTP or HTTPS).

 

In Firefox you can fix the form filling behavour by going to- about:config (type it into the address bar) and toggling 'signon.autofillForms.http' from false to true.

 

 

The actual warning notice itself and the blocking seem to be controlled by:

'security.insecure_field_warning.contextual.enabled'

and

'security.insecure_password.ui.enabled'.

 

However if I toggle these to false to get rid of the warnings then logins are blocked altogether.

(I suspect that this is intentional- either warning or blocked altgether).

Posted

Firefox also gives me the same warning when i sign in to the Cad tutor forum.

Posted
Care to make a donation for this?

I understand this is a donation and ad run website and https is expensive.

And I just realized that it has been a while since I donated. I have fixed that now.

Posted

Hi All. Just to be clear, this site is no more or less secure than it has always been. What we're seeing here is a change in policy from a browser vendor. Traditionally, HTTPS encryption has been used for e-commerce sites where credit card details are passed over the web and this makes good sense. Mozilla have extended this principle to include all sites that ask for any user input. In my opinion and those of many others, this is overkill and the policy is not shared by other browser vendors. However, I do understand that security on the web should be at the forefront of everyone's mind and I will certainly look into the possibility of providing HTTPS connections here at CADTutor.

Posted
In my opinion and those of many others, this is overkill and the policy is not shared by other browser vendors.

 

I agree that this is overkill.

 

There is a slight justification for it in that usernames and passwords harvested, by a hack, from HTTP sites, might have been re-used by the user on HTTPS sites where they are doing credit card transactions, etc.

 

But that is down to user laziness about using different passwords, not the required level of security needed for a particular website.

 

Certain browser developers seem to think that they have somehow become the 'Internet Police'.

Worse that that, they are now trying to force us to do what they think is right.

 

It's a bit like insisting that your home should have the same level of security that your bank does.

 

PS. Chrome is doing this as well, but not as agressively. (Or should that be clumsily?)

Posted

There's no doubt that HTTPS is likely to become a new standard for all websites - there are some new technologies on the horizon that require it and it's rumoured that Google give a ranking boost to those sites using it. I've been looking at options for this domain and will have some news shortly.

Posted

If we could mark certain posts as solutions, then #6 (nukecad) would be it.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...