Securing CBoats

Decked Canoes, Open Canoes, as long as they're canoes!

Moderators: kenneth, sbroam, TheKrikkitWars, Mike W., Sir Adam, KNeal, PAC, adamin

User avatar
kenneth
CBoats.net Staff
Posts: 540
Joined: Fri Apr 05, 2002 12:00 am
Location: Prescott, AZ
Contact:

Securing CBoats

Post by kenneth »

I am in the process of setting up SSL (https) for the forum. Everything is currently in place and you can now access https://cboats.net/cforum/" onclick="window.open(this.href);return false; to securely access the site, however I still have some things I need to do in order to FORCE you to use it. Hopefully this won't interrupt anything for you guys, but there's a chance you'll be forced to log in even if you already have (since you logged in to the http version of the site, but not the https version).

The primary reason I am doing this is so that your passwords are secured and cannot be "sniffed" by nosey individuals when you're on a public WIFI (for example).
User avatar
Craig Smerda
L'Edge Designer
Posts: 2815
Joined: Tue Dec 10, 2002 3:59 am
Location: WaUSAu Wisconsin USA North America Earth, etc.

Re: Securing CBoats

Post by Craig Smerda »

Is that why I keep getting these?
Attachments
cboatsec.JPG
cboats.JPG
Esquif Canoes Paddler-Designer-Shape Shifter
User avatar
busterblue
CBoats Addict
Posts: 254
Joined: Mon Feb 07, 2011 5:31 pm
Location: Ridgefield, WA

Re: Securing CBoats

Post by busterblue »

Craig, I was getting a similar error message. It went away after I logged out then logged back in.
User avatar
kenneth
CBoats.net Staff
Posts: 540
Joined: Fri Apr 05, 2002 12:00 am
Location: Prescott, AZ
Contact:

Re: Securing CBoats

Post by kenneth »

I made a lot of changes last night in an attempt to resolve these issues. It might be necessary to logout and login, or it might be necessary to clear your browser cache in case you are still loading old content.

I think I managed to fix all the places where there was http content being mixed in with the https content - and therefore resolve these issues. However, I believe you might still see that prompt when viewing a post where someone's avatar is hosted externally.

I was hoping this would be a seamless change to the site, and don't like the fact that some of you might have a negative experience (I'd be annoyed by those prompts!). Please continue to let me know if you see any problems like this and hopefully I can address them.

You can help by including the specific URL that caused the prompt to appear, and if possible a screenshot.

Thanks for the feedback and screenshots! I appreciate it greatly!
User avatar
kenneth
CBoats.net Staff
Posts: 540
Joined: Fri Apr 05, 2002 12:00 am
Location: Prescott, AZ
Contact:

Re: Securing CBoats

Post by kenneth »

In order to hopefully fix some odd issues people are seeing with regard to logging in, I have made a change that will force everyone to login fresh - even if you had selected the "Remember me" checkbox. This should only be a one time thing.
Wouter Kieboom
c
Posts: 5
Joined: Wed Jun 03, 2009 7:43 am

Re: Securing CBoats

Post by Wouter Kieboom »

The last few days I constantly have to log in again. Each and every time I visit I seem to have to log in anew. And yes I do tick the automatic login box each time as well.

????????

If anything can be done to better this I would greatly appreciate it.

Thanks,

Wouter
User avatar
kenneth
CBoats.net Staff
Posts: 540
Joined: Fri Apr 05, 2002 12:00 am
Location: Prescott, AZ
Contact:

Re: Securing CBoats

Post by kenneth »

Thanks for the feedback Wouter. My hope is that the change I was referring to in the previous post would resolve that issue. So far it seems to have worked - as I was also seeing that behavior but no longer am.

Thanks for everyone's patience.
Wouter Kieboom
c
Posts: 5
Joined: Wed Jun 03, 2009 7:43 am

Re: Securing CBoats

Post by Wouter Kieboom »

Hello Kenneth,

Thanks for all the effort it must be to maintain this forum, especially after a change like this one.

Nonetheless, up to this very minute I still encounter these login "problems" (if one might call them that). Cleared cache several times; made no difference.

Thought to let you know.

Thanks, Wouter
User avatar
kenneth
CBoats.net Staff
Posts: 540
Joined: Fri Apr 05, 2002 12:00 am
Location: Prescott, AZ
Contact:

Re: Securing CBoats

Post by kenneth »

I just tried a fix recommended by the phpbb3 forums. Wouter, you are my man on this, let me know how things are lookin' now. I expect everyone will have to login AGAIN, but hopefully (like last time) it will remember you this time! :)
User avatar
philcanoe
C Maven
Posts: 1549
Joined: Tue Feb 24, 2004 1:15 am
Location: top o'da boat - Reids, AL

Re: Securing CBoats

Post by philcanoe »

kenneth wrote:I just tried a fix recommended by the phpbb3 forums. Wouter, you are my man on this, let me know how things are lookin' now. I expect everyone will have to login AGAI, but hopefully (like last time) it will remember you this time! :)

Kenneth... you're the man.

THANKS for all the THANKLESS work you do.
    ^~^~^ different strokes ~ for different folks ^~^~^
    Bob Wiggins
    C Guru
    Posts: 159
    Joined: Thu Sep 15, 2011 1:40 am
    Location: Asheville, NC

    Re: Securing CBoats

    Post by Bob Wiggins »

    well, now I'M having to log in every time. i click the "remember me" button, and it does remember the username and password, but i have to go in, click log in, and enter a captcha every time i refresh the page, or leave and come back. again, thanks for all the work you do to make cboats an even better place than it already is.
    Thanks again,
    Bob
    User avatar
    kenneth
    CBoats.net Staff
    Posts: 540
    Joined: Fri Apr 05, 2002 12:00 am
    Location: Prescott, AZ
    Contact:

    Maybe!!!

    Post by kenneth »

    Ok, GREAT NEWS! I discovered that the home page was screwing up the session/cookie management for the forum and basically would erase your "remember me" cookie! If you logged in to the forum, then hit the home page, you were essentially logging out. I am truly optimistic that this is the ultimate fix this time!

    Yes, on a related note, we still have problems with non-https avatars causing IE6-IE8 users to see the "Do you want to show insecure content" prompt, but I'm working on that too. Technically, you can tell IE not to prompt you with that warning - and I'm pretty sure IE9 doesn't use this prompt - but I know that's annoying.
    Wouter Kieboom
    c
    Posts: 5
    Joined: Wed Jun 03, 2009 7:43 am

    Re: Securing CBoats

    Post by Wouter Kieboom »

    Works like a charm now.

    Thanks Kenneth.

    Wouter
    User avatar
    kenneth
    CBoats.net Staff
    Posts: 540
    Joined: Fri Apr 05, 2002 12:00 am
    Location: Prescott, AZ
    Contact:

    Re: Securing CBoats

    Post by kenneth »

    That news makes my day! Thanks!
    craig
    CBoats Addict
    Posts: 483
    Joined: Sat Apr 28, 2007 2:06 am
    Location: Milton,Mass

    Re: Securing CBoats

    Post by craig »

    My mac keeps telling me that it can't verify security at this site (https) I emptied the cache a couple times but it still keeps showing up. Any hints?
    Post Reply