Why no longer https?

Wear your anorak proudly here! The place to discuss website & forum developments, administration, wish-lists, bugs, abuse etc

Moderator: frenzarin

Post Reply
mosy
Posts: 3777
Joined: 21 Sep 2007 20:28
Location: London

Why no longer https?

Post by mosy » 20 Feb 2019 15:14

Per subject title. Can't say it bothers me especially (unless I ought to be bothered?) but if https thought preferable, why not any more?

RJM
Posts: 70
Joined: 2 Jan 2016 15:30
Location: Sydenham

Re: Why no longer https?

Post by RJM » 20 Feb 2019 21:28

Mine is still showing as https, with the little padlock (I'm on Safari) to show that it's using an encrypted connection.

mosy
Posts: 3777
Joined: 21 Sep 2007 20:28
Location: London

Re: Why no longer https?

Post by mosy » 20 Feb 2019 22:07

Thanks for replying RJM. Very strange that Firefox shows differently then. I've just logged out and back in to double check. Whilst out, the padlock shows with a red line through. Logging in warns me that site not secure and padlock has gone altogether once logged in. The thot plickens...

RJM
Posts: 70
Joined: 2 Jan 2016 15:30
Location: Sydenham

Re: Why no longer https?

Post by RJM » 21 Feb 2019 09:26

My work PC has Chrome and IE, and they're also still https with the padlock. Might be a Firefox issue? Someone with more techy knowledge than me can probably advise! Sounds a bit strange that only one browser would stop being secure.

stuart
Posts: 3075
Joined: 21 Sep 2004 10:13
Location: Lawrie Park
Contact:

Re: Why no longer https?

Post by stuart » 21 Feb 2019 09:42

Firefox on Android is showing secure/green padlock. Will investigate further when I get home.

Mosy what os/browser version are you using and what exact page replicates the issue?

Stuart

chrisj1948
Posts: 500
Joined: 15 Jul 2008 15:12
Location: Sydenham

Re: Why no longer https?

Post by chrisj1948 » 21 Feb 2019 10:30

PC using Win7 with latest version of Firefox. HTTPS and green padlock.

stuart
Posts: 3075
Joined: 21 Sep 2004 10:13
Location: Lawrie Park
Contact:

Re: Why no longer https?

Post by stuart » 21 Feb 2019 10:54

A change made about a week ago means if you ask for insecure content you get it. This will be fixed shortly.

Stuart

stuart
Posts: 3075
Joined: 21 Sep 2004 10:13
Location: Lawrie Park
Contact:

Re: Why no longer https?

Post by stuart » 21 Feb 2019 14:30

Now fixed.

This will not have affected anyone who has auto-logged in or had the green padlock showing when they logged in. Never enter a password unless you can see that padlock - anywhere, anytime!

Since STF has been restricted to https for more years than I care to remember then most bookmarks & links in will have bypassed the issue. If, and only if, you have logged in the last couple of weeks by entering your password and you are not sure you saw the padlock then as a precaution you may wish to change it as it could have been passed across the internet to the server in plain text.

All passwords are stored encrypted on the server itself by whatever means you access it. Do feel free to ask any questions and I will try and answer.

Stuart [Technical Support]

mosy
Posts: 3777
Joined: 21 Sep 2007 20:28
Location: London

Re: Why no longer https?

Post by mosy » 21 Feb 2019 17:00

Hi. Thanks for checking Stuart. Just to let you know that the padlock has come back I see now that I've logged in afresh for today. I clear cookies every day, so yesterday would have been a fresh login also, if that means anything.

You asked which browser: I using Firefox Quantum 65.0.1 on my PC when it happened yesterday.

Still, OK now so thanks :)

stuart
Posts: 3075
Joined: 21 Sep 2004 10:13
Location: Lawrie Park
Contact:

Re: Why no longer https?

Post by stuart » 21 Feb 2019 19:02

Yes but it shouldn't have happened. It's ironic that I complained about the Lewisham Planning login page last November which was not encrypted. Except there was no secure way to login and, I believe, the same password if captured could be used to access and change some sensitive data in other departments. They fixed it - eventually. Not quite in the same league here I trust.

I said at the time that no-one should login using an unencrypted link but in the nature of things people are in a rush and forget to look or the padlock area can vanish off the top of the page on some mobile browsers and other reasons. That's why good websites FORCE any http login attempts to https. This how it was, is now but for a short period was not.

Mea Culpa - it was nothing to actually do with STF but the Apache webserver domain configuration which I modded to redirect some non-STF stuff on sydenham.org.uk elsewhere and in doing so inadvertantly screwed this particular redirect. As this didn't affect the normal operation of STF it wasn't apparently noticed as nearly everybody would be accessing directly via https until you found this way in.

Thank you - in the end people like me have to depend on good people like you out there to unearth untrapped issues and report them. It took an ardent follower of mine to bring your post to my notice around 9:40 this morning (on the Overground to Canada Water). I first assumed from other people that it was probably something odd with your browser. But when I got the other end I could see the misconfiguration and how to fix it. Only I needed a proper computer to do it. Three hours to get to one, two minutes to fix.

Maybe I need a crowdfunder to buy me one of these to slip into my pocket to do it anywhere - cinch at only $1,980:

:

stuart
Posts: 3075
Joined: 21 Sep 2004 10:13
Location: Lawrie Park
Contact:

Re: Why no longer https?

Post by stuart » 21 Feb 2019 19:22

I may say those three hours were not wasted. It was to discover an even more exciting and useful appication of cutting edge IT than anything you will find here. If you know anybody hard of hearing or deaf - please share this, it could enrich their lives:



It works using wifi. The clever bit is sound sensors that pick up the actor's speech plus other sound effects and then match them to the pre-prepared script. So what you see is more immediate, no stuttering, no wrong words etc. The actor still holds the timing, you (and the captions) follow the actor - or anywhere else you want glance. If you can't hear and are not fluent in BSL this is the best way to enjoy theatre. Even if you have BSL you are restricted to a few performances on a few productions and have to sit in a particular place.

With these you can use at every performance of every NT production from any seat. Free in time and price too.
https://www.nationaltheatre.org.uk/your ... on-glasses

Stuart

Post Reply