Official ICE Forums

Iron Crown Enterprises => Website and Forum Feedback => Topic started by: Jhaierr on March 14, 2018, 02:26:02 AM

Title: HTTPS for the forum and unsecured username/password
Post by: Jhaierr on March 14, 2018, 02:26:02 AM
Hello! The forum does not seem to allow us to use https:// as an option, and it seems that our forum username/password is sent over an unsecured connection. (Please correct me if I'm wrong.) Would there be a way to remedy this in the near future?
Title: Re: HTTPS for the forum and unsecured username/password
Post by: Merkir on March 14, 2018, 05:46:18 AM
I concur with Jhaierr.

Also, there's another important reason to upgrade to HTTPS. It improves the site's Google search ranking. In Google's own words, "we're starting to use HTTPS as a ranking signal."

From https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html.
Title: Re: HTTPS for the forum and unsecured username/password
Post by: jdale on March 14, 2018, 04:47:11 PM
Let's Encrypt offers free certificates: https://letsencrypt.org/ We used it for our LARP's web site.

I don't think your host supports it directly (some hosts do, including Dreamhost, which makes it super easy) but it might still be possible to use.
Title: Re: HTTPS for the forum and unsecured username/password
Post by: Jhaierr on April 01, 2018, 04:55:25 AM
Any word on this? I would love to not have my username/password sent over an unencrypted connection.  :)
Title: Re: HTTPS for the forum and unsecured username/password
Post by: OLF, i.e. Olf Le Fol on April 23, 2018, 09:25:49 AM
Any news about whether it'd be possible to have this?
Title: Re: HTTPS for the forum and unsecured username/password
Post by: Jhaierr on April 29, 2018, 04:32:15 AM
In July, all sites that do not use HTTPS, regardless of form fields or login information on the page, will be marked as "Not Secure" by Chrome and Firefox in the address bar: https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html. This site is already displaying that warning whenever you log in or type in any form field.

I believe the forum (and all of ironcrown.com) should move to HTTPS for all pages. I think SMF 2.0.15 has this as an option, so if you upgrade the forum to that version, it should be easier to make the transition in the forums. (I believe you are using 2.0.* right now.)
Title: Re: HTTPS for the forum and unsecured username/password
Post by: Thom @ ICE on April 29, 2018, 08:18:23 PM
We are reviewing it.
Title: Re: HTTPS for the forum and unsecured username/password
Post by: Peter R on April 30, 2018, 01:27:24 AM
> We are reviewing it.

I think that is the most insipid response I have ever seen to a suggestion by a supporter.
Title: Re: HTTPS for the forum and unsecured username/password
Post by: Jhaierr on April 30, 2018, 03:40:04 AM
> I think that is the most insipid response I have ever seen to a suggestion by a supporter.

Well, I personally interpreted Thom's response as merely a quick message to let us know they are looking into it.

I'm a bit tenacious, and my last message was somewhat forward. So I apologize if I was a little too much there.
Title: Re: HTTPS for the forum and unsecured username/password
Post by: Thom @ ICE on April 30, 2018, 04:56:54 AM
I am not an IT expert, so any change like this requires some degree of outside support and along with that requires research.  I am reviewing what is involved considering how our site is hosted and what I am comfortable doing myself vs outside contracting, as well as who to deal with to get it done. The concern will be addressed but the detailed plan is not yet determined.

In short, we are reviewing it.
Title: Re: HTTPS for the forum and unsecured username/password
Post by: Jhaierr on May 02, 2018, 03:22:17 AM
> I am not an IT expert, so any change like this requires some degree of outside support and along with that requires research. I am reviewing what is involved considering how our site is hosted and what I am comfortable doing myself vs outside contracting, as well as who to deal with to get it done. The concern will be addressed but the detailed plan is not yet determined.
>
> In short, we are reviewing it.

Good luck! I hope it's easier than expected.
Title: Re: HTTPS for the forum and unsecured username/password
Post by: Jhaierr on June 20, 2018, 05:30:10 PM
Just a quick update on upcoming security-related changes to Chrome:

https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html

tl;dr: In October, with Chrome 70, sites that do not use a secure connection (i.e., use HTTPS) will be marked with a red "! Not secure" warning once someone begins to type in a form field.  Other browsers are moving in this direction as well.

I know you're working on it. :) I just thought folks would find this informative.
Title: Re: HTTPS for the forum and unsecured username/password
Post by: OLF, i.e. Olf Le Fol on July 18, 2018, 09:58:25 AM
FYI, it's now apparently working (tested with Safari, Firefox, I.E. and Chrome so it should cover most browsers).
Title: Re: HTTPS for the forum and unsecured username/password
Post by: jdale on July 18, 2018, 12:02:10 PM
Nice! I still get a "parts of this page are not secure (such as images)" but otherwise working. I think that message is because a couple of images (from the theme I think) are hosted on http://gator1849.hostgator.com; it would probably work if they were just copied and linked to somewhere on https://www.ironcrown.com. Also, a couple of the avatar pictures are also not stored locally and are on www.gwathyr.net. I'm not sure if that's true for avatar images from the gallery or only when the user has specified a URL for the image themself (which you could probably disable and just have them upload it here).

Still a nice improvement, thanks!
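
The warning described in the post above is the browser's mixed-content notice: an HTTPS page that still loads subresources over plain HTTP. As an added example (not part of the original post or of the forum software), this Python script lists such loads in a page's HTML. The sample markup, its paths and the `cdn.example` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) -> how browsers treat an http:// load from an https:// page
RULES = {
    ("img", "src"): "passive",      # loads, but triggers the "not fully secure" notice
    ("script", "src"): "active",    # normally blocked outright
    ("iframe", "src"): "active",
    ("link", "href"): "active",     # only counted for rel=stylesheet, see below
    ("form", "action"): "insecure-form",  # submitted data leaves over plain HTTP
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # rel=canonical and similar are not subresource loads
        for (rule_tag, attr), kind in RULES.items():
            if rule_tag == tag and a.get(attr):
                url = urljoin(self.page_url, a[attr])  # resolves relative and //host URLs
                if urlsplit(url).scheme == "http":
                    self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for an HTTPS page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample markup: hosts from the thread, paths invented for illustration.
SAMPLE = """
<link rel="stylesheet" href="/css/index.css">
<link rel="canonical" href="http://www.ironcrown.com/">
<img src="http://gator1849.hostgator.com/theme/logo.png">
<img src="http://www.gwathyr.net/avatar.png">
<img src="//www.ironcrown.com/smile.gif">
<script src="http://cdn.example/forum.js"></script>
<form action="http://www.ironcrown.com/login"><input type="password" name="p"></form>
<a href="http://www.gwathyr.net/">off-site link</a>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content("https://www.ironcrown.com/", SAMPLE):
        print(f"{kind:14} <{tag}> {url}")
```

Relative and protocol-relative URLs inherit the page's HTTPS scheme and are not reported, and plain `<a>` links are navigation rather than subresource loads, so only the two remote images, the script and the form action are flagged.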
Title: Re: HTTPS for the forum and unsecured username/password
Post by: terefang on July 20, 2018, 09:21:03 AM
May I propose an HTTP to HTTPS redirect?
https://geekflare.com/http-to-https-redirection/