DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Go Back   Desktop Publishing Forum > General Discussions > How to Use the Forum

Reply
 
Thread Tools Display Modes
Old 05-01-2017, 09:43 AM   #1
sky4forums
Member
 
sky4forums's Avatar
 
Join Date: Aug 2008
Location: Ohio, USA
Posts: 306
Default Unsecure login?

Why is the login procedure for this forum unsecure? Firefox just told me that while logging in.

   
__________________
- Sky
See my photos at http://skyockey.smugmug.com
sky4forums is offline   Reply With Quote
Old 05-01-2017, 12:42 PM   #2
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,944
Default

It's a new "feature" of the most current version of Firefox and it means absolutely nothing--it's a money grab on the part of the powers that be in an attempt to charge domain owners for "security" certificates.

Basically, you can ignore it...


Terrie
terrie is offline   Reply With Quote
Old 05-02-2017, 03:56 AM   #3
Kelvyn
Staff
 
Kelvyn's Avatar
 
Join Date: Feb 2005
Location: In the Heart of the English Lake District
Posts: 1,381
Default

Current versions of Firefox and Chrome show security warnings when a page contains a form which asks for a password when the submitted data is not protected by encryption (SSL). This will at a later date be expanded to show on all forms requiring submission by the site user whether a password field is present or not. According to Google Chrome (and Firefox) will show a warning on any webpage viewed without a valid SSL certificate being in place.

So why are they doing this? It is because of the enormous issue of identity/data theft and the fact that just about everybody at some stage uses a public wifi service in a pub, coffee bar, libray, store etc. It is relatively easy to intercept data being sent over a wifi network, and thus obtain usernames, passwords etc when sent in plain text. To protect the population from this crime is not easy, and I believe that some government departments initially discussed this with ISPs and other service providers with a view to encrypting such data. Google was quick to jump on this and the first to recommend the introduction of SSL validated encryption for all website traffic. It first started to give higher ranking the those websites that use SSL (to encourage site owners to install certificates) and then followed with the introduction of warnings in browsers, currently the most intrusive is the warning in Firefox.

Traditional SSL certificates have cost money and have a requirement for a fixed IP address, but the increasing availability of low cost and free Domain Validation (DV) SSL certificates which do not require a fixed IP has meant that a SSL solution is available for those low risk websites that don't handle a lot of data. Webshops, government sites etc still require a higher level of security so DV certification would not be suitable, but even there the cost of crtification has dropped over tha last year.

Low cost certificates include a GoDaddy cert at $3.99/year, and free ones are offered by letsencrypt.org sslforfree.com and others. Comodo makes available a free SSL option for use on VPS systems - I use VPS and can run all sites I host under SSL with no additional cost.

This is a rapidly changing situation, but like most things, the public will get used to just ignoring the warning messages. So they will become more intrusive. Recently I have been unable to connect to some sites using Chrome on my phone over a public wifi system, I just see a warning message. 1984???

   
__________________
Kelvyn

Web site design, hosting and marketing, Keswick in the UK Lake District

If you are planning a visit to Keswick then try Keswick Tourist Information website

Kelvyn is offline   Reply With Quote
Old 05-02-2017, 02:53 PM   #4
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,944
Default

Kelvyn...

Thanks for the more detailed info--particularly because all I could remember was my reaction rather than the more informative nitty-gritty. I'm glad to hear that less expensive/free options are coming out of the woodwork...


Terrie
terrie is offline   Reply With Quote
Old 05-02-2017, 09:30 PM   #5
sky4forums
Member
 
sky4forums's Avatar
 
Join Date: Aug 2008
Location: Ohio, USA
Posts: 306
Default

Your replies do not make it clear if my password is being sent across the net as plain text. If so this seems to me to be a security problem. Even though I use different passwords for different sites I will very inclined to end visiting any site that allows my password to be seen in such a manner.

   
__________________
- Sky
See my photos at http://skyockey.smugmug.com
sky4forums is offline   Reply With Quote
Old 05-03-2017, 02:23 AM   #6
Kelvyn
Staff
 
Kelvyn's Avatar
 
Join Date: Feb 2005
Location: In the Heart of the English Lake District
Posts: 1,381
Default

Passwords are not encrypted unless under SSL. There is encryption in place if using a high security WiFI connection, but once past the wifi router this is unenccypted to become plain text fo onward transmission. Public WiFi services generally have a low level of security or none at all.

   
__________________
Kelvyn

Web site design, hosting and marketing, Keswick in the UK Lake District

If you are planning a visit to Keswick then try Keswick Tourist Information website

Kelvyn is offline   Reply With Quote
Old 05-03-2017, 07:22 AM   #7
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,742
Default

It's so nice to have a Kelvyn around the house. Every site needs one.

Yer a gem, you are. Thanks as always.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 05-03-2017, 03:43 PM   #8
sky4forums
Member
 
sky4forums's Avatar
 
Join Date: Aug 2008
Location: Ohio, USA
Posts: 306
Default

Thanks for the clarification.

   
__________________
- Sky
See my photos at http://skyockey.smugmug.com
sky4forums is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Lost login .... Hugh Wyn Griffith How to Use the Forum 4 11-03-2011 03:19 PM
Login & password for webpage Howard Allen Web Site Building & Maintenance 18 02-07-2008 02:16 PM
Can login just not be fixed? Is it permanently broken? djb How to Use the Forum 15 07-04-2005 02:45 PM
Login not remembering me djb How to Use the Forum 23 02-17-2005 02:59 PM


All times are GMT -8. The time now is 09:44 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Contents copyright 2004–2014 Desktop Publishing Forum and its members.