+ Reply to Thread
Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Logging in to this site

  1. #11
    Join Date: Feb 2010

    Location: London, UK

    Posts: 1,098
    I'm Dave.

    Default

    Quote Originally Posted by struth View Post
    if you have a robust password then you will have no problems i think
    It doesn't matter how "robust" your password is if a hacker can actually read it. There's a low probability here, as a hacker would have to intercept the data stream as the password was sent across and capture it, but there are people out there with equipment and determination to do just that. They don't even have to capture the password in a fraction of a second, but could grab a great chunk of data traffic, then analyse it later to gather passwords. They would probably use automatic tools for that. Also, while a single hacker might not be able to do very much, groups of hackers could work in collaboration.

    Whether for non critical sites (I'm assuming AoS is one such - do I really care if anyone knows what CDs I like, whether I have any vinyl, what my cartridge preferences are etc.?) hackers could build up information which they would consider useful and use against me or us collectively I don't know.
    Dave

  2. #12
    Join Date: Feb 2013

    Location: W Lothian

    Posts: 37,881
    I'm Grant.

    Default

    AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning
    Regards,
    Grant ....

    I've said it before and I'll say it again: democracy simply-doesn't-work
    .... ..... ...... ...... ................... ..... ..... ..... ..... .....
    DENON DV2900 - TWIN PRO MONOBLOCK AMPLIFIERS - XIANG SHENG DAC\PRE\HEADPHONE AMP - AVANTREE OASIS CLASS 1 BLUETOOTH - AUDIO TECHNICA ATH-MSR7 & OPPO PM-3 PLANAR HEADPHONES - WIN10 JRIVER23, SPOTIFY PREMIUM - ECHO DOT - SMSL M6 MINIDAC - FULL RANGE TWIN TELEFUNKEN's - Q ACOUSTIC BT3 actives - CANTON SUB - MAINS REGENERATED AND FILTERED.

  3. #13
    Join Date: Feb 2010

    Location: London, UK

    Posts: 1,098
    I'm Dave.

    Default

    Quote Originally Posted by struth View Post
    AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning
    It's possible to have ssl/https connections only for the login phase I think. Given that most of the traffic can be visible to anyone who wants to intercept it, the main concern must be if users are likely to use similar passwords for different sites.
    Dave

  4. #14
    Join Date: Feb 2010

    Location: London, UK

    Posts: 1,098
    I'm Dave.

    Default

    Quote Originally Posted by struth View Post
    AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your [sic] getting the warning
    Nope. Clicking on the little 'i' in the circle to the left of the URL window shows that it is the http:// variant of AoS (i.e. the only variant). It's a recent Firefox feature I think since version 51. There is a drop down menu with more options and info.
    Dave

  5. #15
    Join Date: May 2008

    Location: Bristol, UK

    Posts: 9,827
    I'm Nick.

    Default

    Quote Originally Posted by struth View Post
    AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning
    Grant is right. AOS is currently not configured to work over HTTPS / SSL. Out of the box, vBulletin was historically a bugger to get working over HTTPS. This is now less of an issue, but it still requires additional (expensive) certificates, and since we're not running ecommerce (an online shop) or carrying out banking or other stuff which requires encrypted connections between you and the site, it's not something we've pursued.

    There is a movement towards forcing sites to use HTTPS when requiring passwords to log-on. I think this is fair enough for sites where the risk from someone 'hacking' your connection and intercepting your traffic (like with a shop, or bank), but for a forum like this? It's not something I'd worry about.

    If the message bugs you and you still want to use Firefox, this link tells you how to disable the warning:

    http://www.trishtech.com/2017/03/dis...ng-in-firefox/

    If you do disable the warning, and even if you don't, I recommend using the HTTPS Everywhere plugin from the EFF. This ensures that you always connect to Secure Sites via HTTPS if HTTPS is supported. If a site has enabled HTTPS it's because they think you need it, and in that case, you're better with it than not
    Nick
    My system...


    Follow AOS on Twitter: @AoS_Forum

+ Reply to Thread
Page 2 of 2 FirstFirst 12



 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •