+ Reply to Thread
Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Logging in to this site

  1. #11
    Join Date: Feb 2010

    Location: Moved to frozen north, beyond Inverness

    Posts: 2,602
    I'm Dave.

    Default

    Quote Originally Posted by struth View Post
    if you have a robust password then you will have no problems i think
    It doesn't matter how "robust" your password is if a hacker can actually read it. There's a low probability here, as a hacker would have to intercept the data stream as the password was sent across and capture it, but there are people out there with equipment and determination to do just that. They don't even have to capture the password in a fraction of a second, but could grab a great chunk of data traffic, then analyse it later to gather passwords. They would probably use automatic tools for that. Also, while a single hacker might not be able to do very much, groups of hackers could work in collaboration.

    Whether for non critical sites (I'm assuming AoS is one such - do I really care if anyone knows what CDs I like, whether I have any vinyl, what my cartridge preferences are etc.?) hackers could build up information which they would consider useful and use against me or us collectively I don't know.
    Dave

  2. #12
    Join Date: Feb 2013

    Location: W Lothian

    Posts: 99,005
    I'm Grant.

    Default

    AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning
    Regards,
    Grant .... ؠ ......Don't be such a big girl's blouse

    I've said it before and I'll say it again: democracy simply-doesn't-work
    .... ..... ...... ...... ................... ..... ..... ..... ..... .....
    FIIO K7 BT, M11 PLUS, BTR7, KA5 - OPPO BDP-103D - PANASONIC UB450 - PANASONIC 4K ULTRA HD TV - PIXEL 6 - AVANTREE LR BLUETOOTH - 2* X600 SOUNDCORE - HEADPHONES INCLUDE, FIIO, NURAPHONES', FOCAL, OPPO, BOSE, CAMBRIDGE, BOWER & WILKINS, DEVIALET, MARSHALL, SONY, MITCHELL & JOHNSTON - 2*ZBOOK'S- MERCURY BD ROM, ROON, QOBUZ, TIDAL, PLEX, CYBERLINK, JRIVER - MULTI HDD'S -

    Oh my god! There's nothing wrong with the bidet is there?

    “Nothing discloses real character like the use of power. It is easy for the weak to be gentle. Most people can bear adversity. But if you wish to know what a man really is, give him power. This is the supreme test. It is the glory of Lincoln that, having almost absolute power, he never abused it, except on the side of mercy".

    “You see these dictators on their pedestals, surrounded by the bayonets of their soldiers and the truncheons of their police ... yet in their hearts there is unspoken fear. They are afraid of words and thoughts: words spoken abroad, thoughts stirring at home -- all the more powerful because forbidden -- terrify them. A little mouse of thought appears in the room, and even the mightiest potentates are thrown into panic.”

    "You don't have free will. You have the appearance of free will.”

    “There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information!”


    ***SMILE, BE HAPPY***

  3. #13
    Join Date: Feb 2010

    Location: Moved to frozen north, beyond Inverness

    Posts: 2,602
    I'm Dave.

    Default

    Quote Originally Posted by struth View Post
    AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning
    It's possible to have ssl/https connections only for the login phase I think. Given that most of the traffic can be visible to anyone who wants to intercept it, the main concern must be if users are likely to use similar passwords for different sites.
    Dave

  4. #14
    Join Date: Feb 2010

    Location: Moved to frozen north, beyond Inverness

    Posts: 2,602
    I'm Dave.

    Default

    Quote Originally Posted by struth View Post
    AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your [sic] getting the warning
    Nope. Clicking on the little 'i' in the circle to the left of the URL window shows that it is the http:// variant of AoS (i.e. the only variant). It's a recent Firefox feature I think since version 51. There is a drop down menu with more options and info.
    Dave

  5. #15
    Join Date: May 2008

    Location: Bristol, UK

    Posts: 9,962
    I'm Nick.

    Default

    Quote Originally Posted by struth View Post
    AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning
    Grant is right. AOS is currently not configured to work over HTTPS / SSL. Out of the box, vBulletin was historically a bugger to get working over HTTPS. This is now less of an issue, but it still requires additional (expensive) certificates, and since we're not running ecommerce (an online shop) or carrying out banking or other stuff which requires encrypted connections between you and the site, it's not something we've pursued.

    There is a movement towards forcing sites to use HTTPS when requiring passwords to log-on. I think this is fair enough for sites where the risk from someone 'hacking' your connection and intercepting your traffic (like with a shop, or bank), but for a forum like this? It's not something I'd worry about.

    If the message bugs you and you still want to use Firefox, this link tells you how to disable the warning:

    http://www.trishtech.com/2017/03/dis...ng-in-firefox/

    If you do disable the warning, and even if you don't, I recommend using the HTTPS Everywhere plugin from the EFF. This ensures that you always connect to Secure Sites via HTTPS if HTTPS is supported. If a site has enabled HTTPS it's because they think you need it, and in that case, you're better with it than not
    Nick
    My system...


    Follow AOS on Twitter: @AoS_Forum

+ Reply to Thread
Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •