Forcing https?

Started by Vekseid, August 23, 2013, 01:13:27 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

TaintedAndDelish

Any time \o/

The OP suggested that https would automatically be used on elliquiy.com instead of http - therefore the https everywhere add-on would not be needed. For those using https-everywhere, the https rule given in the code block tells the add-on specifically how to handle pages from elliquiy. ( effectively, to always replace http with https in the url ).

Now that you have https anywhere installed ( assuming you have also restarted your browser after installing), your browser will attempt to connect to all websites using https first, then http if https is not available. More accurate details should be available on the link I posted previously.

Haibane

Thanks, I think that's going to be useful. I appreciate the help.

bigwad73

The only issue I'd have is that sometimes, when I travel, I tether to my phone if I can't get to a wireless network (and more, one that lets me get to E).  The software that I use doesn't work for https sites, at least, the free version doesn't.  I'd have to upgrade.  Oh, and I'm cheap.
Bad puns!  Horrible jokes!  Odd SF and Fantasy references!  Mastery of useless information!  Expert in old TV shows and movies!  And yes, I'm "mature"!    Ons and Offs   And more    Interests   NEW As and As as of 5/12/16. Look here!!!!

Thufir Hawat

For whatever my vote counts, I actually prefer https so I obviously wouldn't mind.
Join The System Gamers List
Request thread 1 Request thread 2
Request thread 3
ONs and OFFs
"Love is a negative form of hatred." - Roger Zelazny, This Immortal

A&A thread!

MagicalPen

Https works fine for me.

My On and Offs
When the Ink Runs Dry

Looking/Available for New Games

Sybl

Https works for me just fine. :-) Thank you Veks.

Snickerz

Yeah... I'm afraid I don't know the difference. ???

Either work for me really.

Syene

I would have no problem with forcing it. I already use it since as far as I'm concerned, more secure is always better.
[tr][td]
[/td][td][/td][/tr][tr][td][/td][td][/td][/tr]
[/table]
[tr][td]
[/td][/tr][tr][td][/td][/tr][/table]

TaintedAndDelish

Quote from: Snickerz on August 24, 2013, 05:35:17 PM
Yeah... I'm afraid I don't know the difference. ???

Simply put, with https, the information that you send and receive is scrambled. This prevents others ( nosy neighbor, spooky government, etc.. ) from reading/recording everything you read and post on E and whatever other sites you visit.

Vorian

Ons/Offs - Updated 10/8/14 to reflect my switch to Liege and attempt a bit more clarity.
Ideas
Absences - Updated 3/26/15

CriminalMindsFan

I thought only financial sites or shopping sites could/needed to use https?

Chelemar


stormwyrm

Quote from: CriminalMindsFan on August 24, 2013, 10:07:01 PM
I thought only financial sites or shopping sites could/needed to use https?

Plain HTTP is not only vulnerable to sniffing attacks, but also session hijacking, where some attacker grabs your session credentials and is capable of impersonating you to the site in question. Think of what would happen if someone did that to a social networking account (which E is pretty close to being actually). There are ways of mitigating this without using HTTPS but HTTPS is the easiest solution and solves plenty of other security issues besides.
If there is such a phenomenon as absolute evil, it consists in treating another human being as a thing.
O/OA/A, Requests

Vekseid

Quote from: stormwyrm on August 25, 2013, 02:44:07 AM
Plain HTTP is not only vulnerable to sniffing attacks, but also session hijacking, where some attacker grabs your session credentials and is capable of impersonating you to the site in question. Think of what would happen if someone did that to a social networking account (which E is pretty close to being actually). There are ways of mitigating this without using HTTPS but HTTPS is the easiest solution and solves plenty of other security issues besides.

Legally speaking, Elliquiy is a 'social network', at least as far as exemptions and safe harbors are concerned.

Geil

I've been using https here for over a year. Aside from the embedded video visibility issues already pointed out the only problem I've come across is not being able to manage PMs properly. I posted workaround here but that workaround is to temporarily not use https.

I've just checked that the problem still persists on my most up to date install. I can't create new PM labels whilst using https.  Will forcing https and the wrapping up/redirection of http links now make that workaround impossible?

Poetry in Emotion
Variety is the spice of life - I'll have the vindaloo please.
A&A Games O&O

Wistful Dream

https works for me as well, though I don't even see http or https when I browse the site normally. Right now it's just https://elliquiy.com/forums/index.php?action=post;topic=183098.0;last_msg=8794316

Galactic Druid

Https works well on both my home and mobile devices, so no real complaints here, Veks!

Also, do you capitalize something like https when it's at the beginning of a sentence, even if it's 'proper' form should be all lowercase?
A/As last updated 11/27 - Halfway past busy season!

Oniya

Actually, since it's an abbreviation, it would be written in all uppercase (HTTP or HTTPS).  Since that part of a web address isn't case sensitive, dropping it to lowercase in the middle of a sentence has become common.
"Language was invented for one reason, boys - to woo women.~*~*~Don't think it's all been done before
And in that endeavor, laziness will not do." ~*~*~*~*~*~*~*~*~*~*~Don't think we're never gonna win this war
Robin Williams-Dead Poets Society ~*~*~*~*~*~*~*~*~*~*~*~*~*~Don't think your world's gonna fall apart
I do have a cause, though.  It's obscenity.  I'm for it.  - Tom Lehrer~*~All you need is your beautiful heart
O/O's Updated 5/11/21 - A/A's - Current Status! - Writing a novel - all draws for Fool of Fire up!
Requests updated March 17

nakithefaile

HTTPS Works great for me, so no worries on the force

Chrystal

Both work fine, on my phone and my PC.

As for the question of whether to capitalise, convention is that web addresses and email addresses are written all lower case. I don't think there is any more reason for it than there is a reason for the @ symbol in an email address - the person who wrote the original hypertext transfer protocol simply started writing them that way.

Incidentally, as hypertext is one word,  if it were treated as an abbreviation it would be HtTP, with the first t in lower case.

Please check out my latest A/A post.
I would rather watch a movie then have dinner than have dinner then watch a movie!

DarkRose15

Both links work just fine for me :)
Den of DarkRose: Ideas & Completed Games
Apologies & Absences *Updated 10/4/16*

Friends help you move; Real friends help you move the body.
Carl: Shh....do you hear that? That is the sound of forgiveness!
Paul: That's the sound of people drowning Carl!
Carl: That...is what forgiveness sounds like! Screaming then silence!

Scott

I wish security was even tighter in fact, you can google elliquiy and your screen name together and find something you posted in.

Hailstone

Quote from: Vekseid on August 23, 2013, 01:13:27 AM
Rather straightforward question for everyone, but some complaints members have had over the past year have been extremely suspicious, so I've been thinking of doing this.


Works fine for me, and sounds like a good idea.

Xander19

Either works for me. It seems like a good idea though to make it a bit more secure here.

Haibane

Quote from: TaintedAndDelish on August 24, 2013, 02:08:32 PM
Any time \o/

The OP suggested that https would automatically be used on elliquiy.com instead of http - therefore the https everywhere add-on would not be needed. For those using https-everywhere, the https rule given in the code block tells the add-on specifically how to handle pages from elliquiy. ( effectively, to always replace http with https in the url ).

Now that you have https anywhere installed ( assuming you have also restarted your browser after installing), your browser will attempt to connect to all websites using https first, then http if https is not available. More accurate details should be available on the link I posted previously.
Sorry to report that I have had to disable the HTTPSEverywhere plugin as its a possible source of crashing my browser and the system. Since installing it a couple of days ago I've had 2 BSODs and 2 complete system freezes where nothing would work at all except the Power Off button ;) HTTPS Everywhere has been the only system change I've implemented in the last I don't know how long and despite the PC being 2.5 years old I have never had a single BSOD on it before.

The crashes always occurred with Firefox open and after typing in a reply to a forum (sometimes E, sometimes elsewhere). I'm using Firefox 23.0.1 and it may be an incompatibility issue.

I know this may be going off-topic from Vek's thread and if it is I apologise for that but as its related to a solution suggested on here to always try to use https where possible I thought I would post my experiences.

We can take this to the computer help section if preferred.