
Not defaulting to SSL
 Moderated by: WildBill
 Posted: Thu Dec 8th, 2016 05:03 PM
1st Post
golong

It seems the site does not default to SSL (https://). I have been forcing it since I enrolled yesterday but found that even at that, some of the page loads move me back to clear text.

Let me know if you would like some examples - happy to help if I can.



____________________

Continuous effort - not strength or intelligence - is the key to unlocking our potential.
-Winston Churchill


 Posted: Thu Dec 8th, 2016 06:00 PM
2nd Post
fishinginflorida

Paypal may be down http://handloadersbench.com/view_topic.php?id=41812&forum_id=104&highlight=paypal

Why are you trying ssl/https when the site isn't coded for it?



 Posted: Thu Dec 8th, 2016 07:16 PM
3rd Post
12semi

SSL is being phased out anyway; TLS is the replacement, I believe.


Golong, you must be using a secure desktop/laptop from work?



 Posted: Thu Dec 8th, 2016 08:02 PM
4th Post
golong

Well, we can get "technical" if everyone wants to - TLS 1.2 is the current, and the site does not need to be coded for it - the web application server supports it and you have a valid certificate. Whew - got all that out of the way.

Seriously though, you are paying for a cert and have at least part of the site running secure. When I registered the form defaulted to clear text, as does the login page. The home page loads secure, but then if you make a post it drops to clear text again.





 Posted: Thu Dec 8th, 2016 08:06 PM
5th Post
golong

Wait, should I have read between the lines - maybe you did not know the site supported https??





 Posted: Thu Dec 8th, 2016 08:59 PM
6th Post
fishinginflorida

golong wrote: Wait, should I have read between the lines - maybe you did not know the site supported https??

Hmm I didn't know, I can see using it for paypal and maybe the login and member profile page but for the whole site?

What's clear text? Unformatted?



 Posted: Thu Dec 8th, 2016 09:57 PM
7th Post
golong

Yeah, you should use it for the entire site. It would be much easier than trying to pick and choose which pages to use it on. Running the site secure would not impact any user that is running anything close to a modern browser - it does not prevent them from doing stuff, just prevents others from prying. Having https for your PayPal link does not do anything to protect the transaction as the security would be handled by PayPal.

Secure (still commonly referred to as SSL) is the "new normal" for websites. Google even expects it and is happy to drop your rating down a bit if you are not supporting it. I guess a way to demonstrate how common it is now, Google Chrome will start warning users next month if they are visiting a site that is not "secure" and it has fields that should normally be secure.

All we are talking is transport traffic, meaning whatever traverses between the client (desktop, mobile phone, tablet) and the web server is encrypted and protected from prying eyes. What is displayed and stored is unchanged.

When we talk about clear text, we are simply saying anyone that can see the traffic can read everything. For example, if you are sitting on some public wifi (car dealership, coffee shop, hotel, even open networks at your office), whoever has the ability to "view" or cache that traffic can see everything you did. If you simply force the site to https (which for most forums and CMS it is just a config option) then only networks that you implicitly trust can read the traffic in transport.

Edit: ...only networks that you implicitly trust and have the ability to perform SSL decryption (company networks with good security teams do this stuff) could read the traffic. And the NSA of course :-/

Last edited on Thu Dec 8th, 2016 10:00 PM by golong





 Posted: Fri Dec 9th, 2016 03:20 AM
8th Post
12semi

Okay, Golong is saying the site has varying levels of security and typically, generally, they should all be the same.

 




 Posted: Fri Dec 9th, 2016 06:53 PM
9th Post
SavageShooter

GoLong,

You are correct in your assessment and we are now looking into why the site is set up like it is. Our goal will be to make sure the site defaults to https: (TCP 443) automatically.

Thanks for bringing this to our attention.



____________________
“We must reject the idea that every time a law's broken, society is guilty rather than the lawbreaker. It is time to restore the American precept that each individual is accountable for his actions.”
― Ronald Reagan
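
The behaviour reported in this thread (an HTTPS page whose links, forms or redirects move the visitor back to clear text) can be audited page by page. The following is an added example, not part of any post here and not the forum software's own code; the host `forum.example.test`, the paths and the sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class RefCollector(HTMLParser):
    """Collect (tag, url) pairs for link targets and form actions."""
    ATTRS = {"a": "href", "form": "action"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        self.refs += [(tag, v) for k, v in attrs if k == wanted and v]


def find_downgrades(page_url, status, headers, body):
    """List the places where an HTTPS page hands the user to same-site HTTP."""
    page = urlsplit(page_url)
    if page.scheme != "https":
        return [("page", page_url)]  # the page itself was served in clear text

    def is_downgrade(target):
        # Resolve relative and protocol-relative URLs against the page first.
        parts = urlsplit(urljoin(page_url, target))
        return parts.scheme == "http" and parts.hostname == page.hostname

    findings = []
    location = headers.get("Location")
    if 300 <= status < 400 and location and is_downgrade(location):
        findings.append(("redirect", location))
    collector = RefCollector()
    collector.feed(body)
    findings += [(tag, url) for tag, url in collector.refs if is_downgrade(url)]
    return findings


# Constructed sample page (hypothetical host and paths, not the forum's real markup).
SAMPLE_HOME = """
<a href="view_topic.php?id=1">relative link, stays on https</a>
<a href="http://forum.example.test/login.php">Login</a>
<a href="http://payments.example.test/donate">other host, out of scope</a>
<form action="http://forum.example.test/register.php" method="post"></form>
"""

if __name__ == "__main__":
    for finding in find_downgrades("https://forum.example.test/index.php", 200, {}, SAMPLE_HOME):
        print(finding)
```

Each finding names a hard-coded `http://` URL or redirect that has to change before a site-wide HTTPS default will hold.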

