Page 1 of 2
Securing CBoats
Posted: Mon Jan 02, 2012 7:57 pm
by kenneth
I am in the process of setting up SSL (https) for the forum. Everything is currently in place and you can now access
https://cboats.net/cforum/" onclick="window.open(this.href);return false; to securely access the site, however I still have some things I need to do in order to FORCE you to use it. Hopefully this won't interrupt anything for you guys, but there's a chance you'll be forced to log in even if you already have (since you logged in to the http version of the site, but not the https version).
The primary reason I am doing this is so that your passwords are secured and cannot be "sniffed" by nosey individuals when you're on a public WIFI (for example).
Re: Securing CBoats
Posted: Tue Jan 03, 2012 3:49 pm
by Craig Smerda
Is that why I keep getting these?
Re: Securing CBoats
Posted: Tue Jan 03, 2012 4:37 pm
by busterblue
Craig, I was getting a similar error message. It went away after I logged out then logged back in.
Re: Securing CBoats
Posted: Tue Jan 03, 2012 7:31 pm
by kenneth
I made a lot of changes last night in an attempt to resolve these issues. It might be necessary to logout and login, or it might be necessary to clear your browser cache in case you are still loading old content.
I think I managed to fix all the places where there was http content being mixed in with the https content - and therefore resolve these issues. However, I believe you might still see that prompt when viewing a post where someone's avatar is hosted externally.
I was hoping this would be a seamless change to the site, and don't like the fact that some of you might have a negative experience (I'd be annoyed by those prompts!). Please continue to let me know if you see any problems like this and hopefully I can address them.
You can help by including the specific URL that caused the prompt to appear, and if possible a screenshot.
Thanks for the feedback and screenshots! I appreciate it greatly!
Re: Securing CBoats
Posted: Thu Jan 05, 2012 1:05 am
by kenneth
In order to hopefully fix some odd issues people are seeing with regard to logging in, I have made a change that will force everyone to login fresh - even if you had selected the "Remember me" checkbox. This should only be a one time thing.
Re: Securing CBoats
Posted: Thu Jan 05, 2012 1:45 pm
by Wouter Kieboom
The last few days I constantly have to log in again. Each and every time I visit I seem to have to log in anew. And yes I do tick the automatic login box each time as well.
????????
If anything can be done to better this I would greatly appreciate it.
Thanks,
Wouter
Re: Securing CBoats
Posted: Thu Jan 05, 2012 1:52 pm
by kenneth
Thanks for the feedback Wouter. My hope is that the change I was referring to in the previous post would resolve that issue. So far it seems to have worked - as I was also seeing that behavior but no longer am.
Thanks for everyone's patience.
Re: Securing CBoats
Posted: Thu Jan 05, 2012 2:42 pm
by Wouter Kieboom
Hello Kenneth,
Thanks for all the effort it must be to maintain this forum, especially after a change like this one.
Nonetheless, up to this very minute I still encounter these login "problems" (if one might call them that). Cleared cache several times; made no difference.
Thought to let you know.
Thanks, Wouter
Re: Securing CBoats
Posted: Fri Jan 06, 2012 6:11 pm
by kenneth
I just tried a fix recommended by the phpbb3 forums. Wouter, you are my man on this, let me know how things are lookin' now. I expect everyone will have to login AGAIN, but hopefully (like last time) it will remember you this time!
Re: Securing CBoats
Posted: Fri Jan 06, 2012 8:44 pm
by philcanoe
kenneth wrote:I just tried a fix recommended by the phpbb3 forums. Wouter, you are my man on this, let me know how things are lookin' now. I expect everyone will have to login AGAI, but hopefully (like last time) it will remember you this time!
Kenneth... you're the man.
THANKS for all the THANKLESS work you do.
Re: Securing CBoats
Posted: Sat Jan 07, 2012 3:12 am
by Bob Wiggins
well, now I'M having to log in every time. i click the "remember me" button, and it does remember the username and password, but i have to go in, click log in, and enter a captcha every time i refresh the page, or leave and come back. again, thanks for all the work you do to make cboats an even better place than it already is.
Thanks again,
Bob
Maybe!!!
Posted: Sat Jan 07, 2012 1:35 pm
by kenneth
Ok, GREAT NEWS! I discovered that the home page was screwing up the session/cookie management for the forum and basically would erase your "remember me" cookie! If you logged in to the forum, then hit the home page, you were essentially logging out. I am truly optimistic that this is the ultimate fix this time!
Yes, on a related note, we still have problems with non-https avatars causing IE6-IE8 users to see the "Do you want to show insecure content" prompt, but I'm working on that too. Technically, you can tell IE not to prompt you with that warning - and I'm pretty sure IE9 doesn't use this prompt - but I know that's annoying.
Re: Securing CBoats
Posted: Sun Jan 08, 2012 12:48 pm
by Wouter Kieboom
Works like a charm now.
Thanks Kenneth.
Wouter
Re: Securing CBoats
Posted: Sun Jan 08, 2012 3:21 pm
by kenneth
That news makes my day! Thanks!
Re: Securing CBoats
Posted: Mon Jan 09, 2012 10:16 pm
by craig
My mac keeps telling me that it can't verify security at this site (https) I emptied the cache a couple times but it still keeps showing up. Any hints?