ProjectPuma is now 'secure'

Problems with the site? Suggestions, comments? Post them all here!

Moderator: Moderators

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Wed Mar 22, 2017 3:49 pm

Well in terms of transport from your PC/phone to the webserver the connection is now encrypted.

It means that you should now see a green padlock etc.

The main reason for this is because a lot of browsers are warning when https is not in use and more recently when you've put a password in to a login box.

Hopefully this is all seamless, it's worked ok for me but if you have any issues then let me know.
1 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
tuonokid
Project Elder
Project Elder
Posts: 3631
Joined: Fri Nov 23, 2012 8:41 pm
Model: 1.7
Location: Huddersfield

ProjectPuma is now 'secure'

Post by tuonokid » Wed Mar 22, 2017 3:56 pm

I didn't understand a word of that Red but thanks very much anyway :-)
2 x
2001 ColOrado red Puma 1.7, work in progress.
Westfield SEIW 1800 Zetec.
Building Westfield SEI 2.0 Zetec Blacktop on TBs.
Fiesta Style 1.25
Aprilia Tuono Factory.
1975 Yamaha TY80
Now working on my sons Anglia 105e

My Project Link - http://www.projectpuma.com/viewtopic.php?f=64&t=23509" onclick="window.open(this.href);return false;

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Wed Mar 22, 2017 4:16 pm

It basically means that if anyone could be arsed and found a way to sit between your computer and the webserver they now can't see what you're posting.

For example to get to the Internet in an office you have to use your offices network, Internet connection etc. At any point in their network they could be intercepting your browsing traffic and if it isn't secure they could see exactly what you were doing.

This might be in the corporate TOS anyway and if so they might also have other means to see it but if it was not the corporation but an unauthorised member of staff for malicious reasons then you should be protected.

It's all pretty much educational anyway for this site other than it offer some security for your password submissions.
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
Frank
Project Petrol Head!
Project Petrol Head!
Posts: 996
Joined: Sat Aug 17, 2013 6:14 pm
Model: 1.7
Location: East Sussex

ProjectPuma is now 'secure'

Post by Frank » Wed Mar 22, 2017 8:25 pm

Hi Red,

I'm seeing verified (blue) prior to login and then red broken lock - mixed content/partially encrypted flag after login. I tried with images disabled and it was the same. I'm rusty on SSL stuff, but I vaguely recall the M$ program 'Fiddler' tells you the state of play.

Doesn't bother me, just letting you know. :-)
0 x

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Wed Mar 22, 2017 9:04 pm

What browser are you using? It's not done that for me in Firefox, Edge or Chrome for Android.
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Wed Mar 22, 2017 10:13 pm

Tested in Chrome too and still only seeing secure.

And yes, if I could see an issue Fiddler could help.
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Wed Mar 22, 2017 10:22 pm

I see you're using Firefox on a Linux distro.

Odd that your Firefox is behaving differently to the Windows edition (Tried on Win10Anniversary and Win7Pro).
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
Frank
Project Petrol Head!
Project Petrol Head!
Posts: 996
Joined: Sat Aug 17, 2013 6:14 pm
Model: 1.7
Location: East Sussex

ProjectPuma is now 'secure'

Post by Frank » Wed Mar 22, 2017 10:28 pm

red wrote: What browser are you using?
Firefox. Does the same in SafeMode as well.

Let me know if you want any tests done this end, but if it's only me seeing this then it's up to you, as it doesn't bother me.
0 x

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Wed Mar 22, 2017 10:30 pm

I'll test it on a Mac and decide.
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
Frank
Project Petrol Head!
Project Petrol Head!
Posts: 996
Joined: Sat Aug 17, 2013 6:14 pm
Model: 1.7
Location: East Sussex

ProjectPuma is now 'secure'

Post by Frank » Wed Mar 22, 2017 10:53 pm

Just tried on a different (latest Release) version of Firefox (uses a different profile, as well) and it's doing the same, with the added enjoyment of a constant page reload as well.
0 x

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Wed Mar 22, 2017 11:04 pm

Is working ok in Safari on Mac.

Which Linux distro are you using?
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
Frank
Project Petrol Head!
Project Petrol Head!
Posts: 996
Joined: Sat Aug 17, 2013 6:14 pm
Model: 1.7
Location: East Sussex

ProjectPuma is now 'secure'

Post by Frank » Wed Mar 22, 2017 11:12 pm

red wrote: Is working ok in Safari on Mac.

Which Linux distro are you using?
Peppermint, it's a variant of Mint. Don't bother with it, I'll figure it out my end sometime.

The tooltip on the broken lock reads - Warning: Contains unauthenticated content.
0 x

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Wed Mar 22, 2017 11:24 pm

If nothing else it's given me an excuse to turn the Mac on for the first time this year.
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
Frank
Project Petrol Head!
Project Petrol Head!
Posts: 996
Joined: Sat Aug 17, 2013 6:14 pm
Model: 1.7
Location: East Sussex

ProjectPuma is now 'secure'

Post by Frank » Wed Mar 22, 2017 11:36 pm

Index page > Login > Index page shows full content and Console immediately throws up > Loading mixed (insecure) display content "http://i100.photobucket.com/albums/m1/P ... exgwku.jpg" on a secure page

Looking at index source, it appears it also lists Notifications as well. In this case, it was Fanwheel's avatar. Clear the notification, rinse and repeat and site now 'blue' on login. Of course, go to any of Fanwheel's posts and the red insecure immediately springs up.

For Fanwheel's peace of mind, I would stress that this situation is going to happen with any offsite image and there are thousands of them here.

Firefox always has 'gone the extra mile' on SSL stuff, to the point of being a bit OTT. Technically, I suppose it has a point, you could inject an exploit via an image, however I'll see if I can make this stuff a bit less 'strict' and lower the sensitivity somehow.
0 x

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Thu Mar 23, 2017 12:04 am

Looks like a members Puma, but can't imagine where that is on the front page?
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
Frank
Project Petrol Head!
Project Petrol Head!
Posts: 996
Joined: Sat Aug 17, 2013 6:14 pm
Model: 1.7
Location: East Sussex

ProjectPuma is now 'secure'

Post by Frank » Thu Mar 23, 2017 12:16 am

red wrote: Looks like a members Puma, but can't imagine where that is on the front page?
I added to the post after a minute or two - 2nd para onwards, and I reckon you didn't reload the post? :-)
1 x

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Thu Mar 23, 2017 12:27 pm

I've found a page that will do this for me in FIreFox

viewtopic.php?f=20&t=29222

So I've read up on it and it's a task to over come on forum boards where people are posting offsite links to images and other content. Especially when places like Photobucket don't appear to have adopted the use of SSL yet for image links.

There is one potential solution but it needs more reading
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
Frank
Project Petrol Head!
Project Petrol Head!
Posts: 996
Joined: Sat Aug 17, 2013 6:14 pm
Model: 1.7
Location: East Sussex

ProjectPuma is now 'secure'

Post by Frank » Thu Mar 23, 2017 2:06 pm

Maybe just SSL on Login page and possibly user profile pages?

If this only affected members, then probably you could just explain why it happens and then forget it. But, guests will get it too - viewtopic.php?f=13&t=30747 and there's no explaining to them.
0 x

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Fri Mar 24, 2017 11:55 am

See what it's like now Frank, I spent a bit of time creating a convoluted solution..
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
zinc2000
Guru!
Guru!
Posts: 1571
Joined: Thu Jun 28, 2012 4:24 pm
Model: Millennium
Location: Sunny Scotland

ProjectPuma is now 'secure'

Post by zinc2000 » Fri Mar 24, 2017 1:15 pm

I read all the posts on this thread and now know why I was rubbish at languages at School, understood nothing...fiddler?..peppermint? ...SSL?..and ..oh come on..linux distro?? :-( :-(

Entertaining though :grin:

Well done to whoever sorts it out though...whatever "it" is :?
1 x
Empty Scottish roads and a Puma, bring it on

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Fri Mar 24, 2017 1:19 pm

Making the padlock appear green in your browser :grin:
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
zinc2000
Guru!
Guru!
Posts: 1571
Joined: Thu Jun 28, 2012 4:24 pm
Model: Millennium
Location: Sunny Scotland

ProjectPuma is now 'secure'

Post by zinc2000 » Fri Mar 24, 2017 1:29 pm

My padlock is black and yellow :-(

And the one on my other shed is silver :grin:
0 x
Empty Scottish roads and a Puma, bring it on

User avatar
Frank
Project Petrol Head!
Project Petrol Head!
Posts: 996
Joined: Sat Aug 17, 2013 6:14 pm
Model: 1.7
Location: East Sussex

ProjectPuma is now 'secure'

Post by Frank » Fri Mar 24, 2017 1:44 pm

red wrote: See what it's like now Frank, I spent a bit of time creating a convoluted solution..
Looks like a win to me. :-)

Site tested on a variety of pages with local and off-site image content, from a variety of sources - all fine.

The only breaker is on embedded YT vids. - viewtopic.php?f=13&t=30747 But, they account for a tiny, tiny % of site content and YT does SSL equivalents of the links already, i.e. https://www.youtube.com/watch?v=0IYpXMpXoj0#t=62 So, either forget that one or a simple auto-redirect for those?

Well done, that man. :-)
1 x

User avatar
red
Site Administrator
Site Administrator
Posts: 10820
Joined: Wed Oct 03, 2007 4:31 pm
Model: Other
Location: Cambridgeshire
Contact:

ProjectPuma is now 'secure'

Post by red » Fri Mar 24, 2017 2:14 pm

How's that looking now Frank?
0 x
FRP#0201 (2000) 2009-2011
Melina Blue (1999) 2006-2009
Moondust Silver (2000) 2006

User avatar
Frank
Project Petrol Head!
Project Petrol Head!
Posts: 996
Joined: Sat Aug 17, 2013 6:14 pm
Model: 1.7
Location: East Sussex

ProjectPuma is now 'secure'

Post by Frank » Fri Mar 24, 2017 2:21 pm

red wrote: How's that looking now Frank?
That looks like we have a 100% 'secure' site now. :-)

:clap:
0 x

Post Reply

Return to “Site Support”