You are either not logged in or not registered with our community. Click here to register.
 
August 21, 2017, 07:20:53 AM
Top RP Sites - Vote Daily

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

Click here if you are having problems.
Default Wide Screen Beige Lilac Rainbow Black & Blue October Send us your theme!

Wiki Blogs Dicebot

Author Topic: Forcing https?  (Read 6572 times)

0 Members and 1 Guest are viewing this topic.

Offline TaintedAndDelish

Re: Forcing https?
« Reply #175 on: August 24, 2013, 02:08:32 PM »
Any time \o/

The OP suggested that https would automatically be used on elliquiy.com instead of http - therefore the https everywhere add-on would not be needed. For those using https-everywhere, the https rule given in the code block tells the add-on specifically how to handle pages from elliquiy. ( effectively, to always replace http with https in the url ).

Now that you have https anywhere installed ( assuming you have also restarted your browser after installing), your browser will attempt to connect to all websites using https first, then http if https is not available. More accurate details should be available on the link I posted previously.

Online Haibane

Re: Forcing https?
« Reply #176 on: August 24, 2013, 02:16:17 PM »
Thanks, I think that's going to be useful. I appreciate the help.

Offline bigwad73

Re: Forcing https?
« Reply #177 on: August 24, 2013, 03:53:19 PM »
The only issue I'd have is that sometimes, when I travel, I tether to my phone if I can't get to a wireless network (and more, one that lets me get to E).  The software that I use doesn't work for https sites, at least, the free version doesn't.  I'd have to upgrade.  Oh, and I'm cheap.

Offline Thufir Hawat

Re: Forcing https?
« Reply #178 on: August 24, 2013, 04:42:27 PM »
For whatever my vote counts, I actually prefer https so I obviously wouldn't mind.

Offline MagicalPen

Re: Forcing https?
« Reply #179 on: August 24, 2013, 04:50:59 PM »
Https works fine for me.

Offline Sybl

Re: Forcing https?
« Reply #180 on: August 24, 2013, 05:16:24 PM »
Https works for me just fine. :-) Thank you Veks.

Offline Snickerz

Re: Forcing https?
« Reply #181 on: August 24, 2013, 05:35:17 PM »
Yeah... I'm afraid I don't know the difference. ???

Either work for me really.

Offline Syene

Re: Forcing https?
« Reply #182 on: August 24, 2013, 06:24:32 PM »
I would have no problem with forcing it. I already use it since as far as I'm concerned, more secure is always better.

Offline TaintedAndDelish

Re: Forcing https?
« Reply #183 on: August 24, 2013, 06:29:48 PM »
Yeah... I'm afraid I don't know the difference. ???

Simply put, with https, the information that you send and receive is scrambled. This prevents others ( nosy neighbor, spooky government, etc.. ) from reading/recording everything you read and post on E and whatever other sites you visit.

Offline Vorian

Re: Forcing https?
« Reply #184 on: August 24, 2013, 09:21:36 PM »
Works for me.

Offline CriminalMindsFan

Re: Forcing https?
« Reply #185 on: August 24, 2013, 10:07:01 PM »
I thought only financial sites or shopping sites could/needed to use https?

Offline Chelemar

Re: Forcing https?
« Reply #186 on: August 25, 2013, 01:32:12 AM »
works for me thanks

Offline stormwyrm

Re: Forcing https?
« Reply #187 on: August 25, 2013, 02:44:07 AM »
I thought only financial sites or shopping sites could/needed to use https?

Plain HTTP is not only vulnerable to sniffing attacks, but also session hijacking, where some attacker grabs your session credentials and is capable of impersonating you to the site in question. Think of what would happen if someone did that to a social networking account (which E is pretty close to being actually). There are ways of mitigating this without using HTTPS but HTTPS is the easiest solution and solves plenty of other security issues besides.

Offline VekseidTopic starter

Re: Forcing https?
« Reply #188 on: August 25, 2013, 02:45:14 AM »
Plain HTTP is not only vulnerable to sniffing attacks, but also session hijacking, where some attacker grabs your session credentials and is capable of impersonating you to the site in question. Think of what would happen if someone did that to a social networking account (which E is pretty close to being actually). There are ways of mitigating this without using HTTPS but HTTPS is the easiest solution and solves plenty of other security issues besides.

Legally speaking, Elliquiy is a 'social network', at least as far as exemptions and safe harbors are concerned.

Offline Geil

Re: Forcing https?
« Reply #189 on: August 25, 2013, 03:49:01 AM »
I've been using https here for over a year. Aside from the embedded video visibility issues already pointed out the only problem I've come across is not being able to manage PMs properly. I posted workaround here but that workaround is to temporarily not use https.

I've just checked that the problem still persists on my most up to date install. I can't create new PM labels whilst using https.  Will forcing https and the wrapping up/redirection of http links now make that workaround impossible?

Offline Wistful Dream

  • ✧ ~ ✦ ~ Bright Star ~ ✦ ~ ✧ ☾ A Dragon's Mariposa ☽ ~ * ~ A Captain's Princess ~ * ~ An Imp's Vixen
  • Dame
  • Carnite
  • *
  • Join Date: May 2008
  • Location: The Beast's Castle
  • Gender: Female
  • Forever can spare a minute.
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 3
Re: Forcing https?
« Reply #190 on: August 25, 2013, 10:37:00 AM »
https works for me as well, though I don't even see http or https when I browse the site normally. Right now it's just http://elliquiy.com/forums/index.php?action=post;topic=183098.0;last_msg=8794316

Offline ThatRPGuy

Re: Forcing https?
« Reply #191 on: August 25, 2013, 10:39:11 AM »
Https works well on both my home and mobile devices, so no real complaints here, Veks!

Also, do you capitalize something like https when it's at the beginning of a sentence, even if it's 'proper' form should be all lowercase?

Offline Oniya

  • StoreHouse of Useless Trivia
  • Oracle
  • Carnite
  • *
  • Join Date: Sep 2008
  • Location: City of Roses, PA
  • Gender: Female
  • One bad Motokifuka. Also cute and FLUFFY!
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 3
Re: Forcing https?
« Reply #192 on: August 25, 2013, 10:42:34 AM »
Actually, since it's an abbreviation, it would be written in all uppercase (HTTP or HTTPS).  Since that part of a web address isn't case sensitive, dropping it to lowercase in the middle of a sentence has become common.

Offline nakithefaile

Re: Forcing https?
« Reply #193 on: August 25, 2013, 11:51:44 AM »
HTTPS Works great for me, so no worries on the force

Offline Chrystal

Re: Forcing https?
« Reply #194 on: August 25, 2013, 12:57:45 PM »
Both work fine, on my phone and my PC.

As for the question of whether to capitalise, convention is that web addresses and email addresses are written all lower case. I don't think there is any more reason for it than there is a reason for the @ symbol in an email address - the person who wrote the original hypertext transfer protocol simply started writing them that way.

Incidentally, as hypertext is one word,  if it were treated as an abbreviation it would be HtTP, with the first t in lower case.

Offline DarkRose15

  • The Shy Maiden of the Shadows
  • Lady
  • Addict
  • *
  • Join Date: May 2011
  • Location: Wouldn't you like to know?
  • Gender: Female
  • Can you charm me from the night's embrace?
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 0
Re: Forcing https?
« Reply #195 on: August 25, 2013, 02:30:00 PM »
Both links work just fine for me :)

Offline Scott

Re: Forcing https?
« Reply #196 on: August 25, 2013, 04:21:48 PM »
I wish security was even tighter in fact, you can google elliquiy and your screen name together and find something you posted in.

Offline Hailstone

Re: Forcing https?
« Reply #197 on: August 25, 2013, 04:32:25 PM »
Rather straightforward question for everyone, but some complaints members have had over the past year have been extremely suspicious, so I've been thinking of doing this.


Works fine for me, and sounds like a good idea.

Offline Xander19

Re: Forcing https?
« Reply #198 on: August 25, 2013, 09:46:42 PM »
Either works for me. It seems like a good idea though to make it a bit more secure here.

Online Haibane

Re: Forcing https?
« Reply #199 on: August 26, 2013, 04:50:11 AM »
Any time \o/

The OP suggested that https would automatically be used on elliquiy.com instead of http - therefore the https everywhere add-on would not be needed. For those using https-everywhere, the https rule given in the code block tells the add-on specifically how to handle pages from elliquiy. ( effectively, to always replace http with https in the url ).

Now that you have https anywhere installed ( assuming you have also restarted your browser after installing), your browser will attempt to connect to all websites using https first, then http if https is not available. More accurate details should be available on the link I posted previously.
Sorry to report that I have had to disable the HTTPSEverywhere plugin as its a possible source of crashing my browser and the system. Since installing it a couple of days ago I've had 2 BSODs and 2 complete system freezes where nothing would work at all except the Power Off button ;) HTTPS Everywhere has been the only system change I've implemented in the last I don't know how long and despite the PC being 2.5 years old I have never had a single BSOD on it before.

The crashes always occurred with Firefox open and after typing in a reply to a forum (sometimes E, sometimes elsewhere). I'm using Firefox 23.0.1 and it may be an incompatibility issue.

I know this may be going off-topic from Vek's thread and if it is I apologise for that but as its related to a solution suggested on here to always try to use https where possible I thought I would post my experiences.

We can take this to the computer help section if preferred.