Securing CBoats

Post by **kenneth** » Mon Jan 02, 2012 7:57 pm

I am in the process of setting up SSL (https) for the forum. Everything is currently in place and you can now access https://cboats.net/cforum/" onclick="window.open(this.href);return false; to securely access the site, however I still have some things I need to do in order to FORCE you to use it. Hopefully this won't interrupt anything for you guys, but there's a chance you'll be forced to log in even if you already have (since you logged in to the http version of the site, but not the https version).

The primary reason I am doing this is so that your passwords are secured and cannot be "sniffed" by nosey individuals when you're on a public WIFI (for example).

Craig Smerda · Post by **Craig Smerda** » Tue Jan 03, 2012 3:49 pm

Is that why I keep getting these?

busterblue · Post by **busterblue** » Tue Jan 03, 2012 4:37 pm

Craig, I was getting a similar error message. It went away after I logged out then logged back in.

Post by **kenneth** » Tue Jan 03, 2012 7:31 pm

I made a lot of changes last night in an attempt to resolve these issues. It might be necessary to logout and login, or it might be necessary to clear your browser cache in case you are still loading old content.

I think I managed to fix all the places where there was http content being mixed in with the https content - and therefore resolve these issues. However, I believe you might still see that prompt when viewing a post where someone's avatar is hosted externally.

I was hoping this would be a seamless change to the site, and don't like the fact that some of you might have a negative experience (I'd be annoyed by those prompts!). Please continue to let me know if you see any problems like this and hopefully I can address them.

You can help by including the specific URL that caused the prompt to appear, and if possible a screenshot.

Thanks for the feedback and screenshots! I appreciate it greatly!

Post by **kenneth** » Thu Jan 05, 2012 1:05 am

In order to hopefully fix some odd issues people are seeing with regard to logging in, I have made a change that will force everyone to login fresh - even if you had selected the "Remember me" checkbox. This should only be a one time thing.

Wouter Kieboom · Post by **Wouter Kieboom** » Thu Jan 05, 2012 1:45 pm

The last few days I constantly have to log in again. Each and every time I visit I seem to have to log in anew. And yes I do tick the automatic login box each time as well.

????????

If anything can be done to better this I would greatly appreciate it.

Thanks,

Wouter

Post by **kenneth** » Thu Jan 05, 2012 1:52 pm

Thanks for the feedback Wouter. My hope is that the change I was referring to in the previous post would resolve that issue. So far it seems to have worked - as I was also seeing that behavior but no longer am.

Thanks for everyone's patience.

Wouter Kieboom · Post by **Wouter Kieboom** » Thu Jan 05, 2012 2:42 pm

Hello Kenneth,

Thanks for all the effort it must be to maintain this forum, especially after a change like this one.

Nonetheless, up to this very minute I still encounter these login "problems" (if one might call them that). Cleared cache several times; made no difference.

Thought to let you know.

Thanks, Wouter

Post by **kenneth** » Fri Jan 06, 2012 6:11 pm

I just tried a fix recommended by the phpbb3 forums. Wouter, you are my man on this, let me know how things are lookin' now. I expect everyone will have to login AGAIN, but hopefully (like last time) it will remember you this time!

philcanoe · Post by **philcanoe** » Fri Jan 06, 2012 8:44 pm

kenneth wrote:I just tried a fix recommended by the phpbb3 forums. Wouter, you are my man on this, let me know how things are lookin' now. I expect everyone will have to login AGAI, but hopefully (like last time) it will remember you this time!

Kenneth... you're the man.

THANKS for all the THANKLESS work you do.

Bob Wiggins · Post by **Bob Wiggins** » Sat Jan 07, 2012 3:12 am

well, now I'M having to log in every time. i click the "remember me" button, and it does remember the username and password, but i have to go in, click log in, and enter a captcha every time i refresh the page, or leave and come back. again, thanks for all the work you do to make cboats an even better place than it already is.
Thanks again,
Bob

Post by **kenneth** » Sat Jan 07, 2012 1:35 pm

Ok, GREAT NEWS! I discovered that the home page was screwing up the session/cookie management for the forum and basically would erase your "remember me" cookie! If you logged in to the forum, then hit the home page, you were essentially logging out. I am truly optimistic that this is the ultimate fix this time!

Yes, on a related note, we still have problems with non-https avatars causing IE6-IE8 users to see the "Do you want to show insecure content" prompt, but I'm working on that too. Technically, you can tell IE not to prompt you with that warning - and I'm pretty sure IE9 doesn't use this prompt - but I know that's annoying.

Wouter Kieboom · Post by **Wouter Kieboom** » Sun Jan 08, 2012 12:48 pm

Works like a charm now.

Thanks Kenneth.

Wouter

Post by **kenneth** » Sun Jan 08, 2012 3:21 pm

That news makes my day! Thanks!

craig · Post by **craig** » Mon Jan 09, 2012 10:16 pm

My mac keeps telling me that it can't verify security at this site (https) I emptied the cache a couple times but it still keeps showing up. Any hints?

C-Forum

Securing CBoats

Securing CBoats

Re: Securing CBoats

Re: Securing CBoats

Re: Securing CBoats

Re: Securing CBoats

Re: Securing CBoats

Re: Securing CBoats

Re: Securing CBoats

Re: Securing CBoats

Re: Securing CBoats

Re: Securing CBoats

Maybe!!!

Re: Securing CBoats

Re: Securing CBoats

Re: Securing CBoats