Logging in to this site

**Yomanze** · 21-04-2017, 13:04

Originally Posted by struth

if you have a robust password then you will have no problems i think

This is why Firefox is warning because password strength is irrelevant if not sent through an encrypted (HTTPS) page.

I use different passwords on forums for this reason and use huge passphrases for my sensitive logins. Consider that a password such as "ilikehifiandcheese" is far more secure than "R3!ww3?n" despite lack of special characters, uppercase and numbers due to the length.

**struth** · 21-04-2017, 13:24

AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning

**dave2010** · 21-04-2017, 13:43

Originally Posted by struth

AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning

It's possible to have ssl/https connections only for the login phase I think. Given that most of the traffic can be visible to anyone who wants to intercept it, the main concern must be if users are likely to use similar passwords for different sites.

**dave2010** · 21-04-2017, 13:51

Originally Posted by struth

AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your [sic] getting the warning

Nope. Clicking on the little 'i' in the circle to the left of the URL window shows that it is the http:// variant of AoS (i.e. the only variant). It's a recent Firefox feature I think since version 51. There is a drop down menu with more options and info.

**Beechwoods** · 21-04-2017, 19:56

Originally Posted by struth

AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning

Grant is right. AOS is currently not configured to work over HTTPS / SSL. Out of the box, vBulletin was historically a bugger to get working over HTTPS. This is now less of an issue, but it still requires additional (expensive) certificates, and since we're not running ecommerce (an online shop) or carrying out banking or other stuff which requires encrypted connections between you and the site, it's not something we've pursued.

There is a movement towards forcing sites to use HTTPS when requiring passwords to log-on. I think this is fair enough for sites where the risk from someone 'hacking' your connection and intercepting your traffic (like with a shop, or bank), but for a forum like this? It's not something I'd worry about.

If the message bugs you and you still want to use Firefox, this link tells you how to disable the warning:

http://www.trishtech.com/2017/03/dis...ng-in-firefox/

If you do disable the warning, and even if you don't, I recommend using the HTTPS Everywhere plugin from the EFF. This ensures that you always connect to Secure Sites via HTTPS if HTTPS is supported. If a site has enabled HTTPS it's because they think you need it, and in that case, you're better with it than not

Thread: Logging in to this site

Thread Tools

Display

Hybrid View

Posting Permissions