Results 1 to 5 of 5
Thread: Insecure connection?
-
2017-08-12, 02:49 AM (ISO 8601)
- Join Date
- Jul 2005
- Location
- SW England
- Gender
Insecure connection?
I've just done a reset to factory settings on my laptop, and now when I try to log in to GITP, I get a "This connection is not secure" warning.
Is there something up with the site, or have I not reconfigured my laptop properly?
-
2017-08-12, 07:21 AM (ISO 8601)
- Join Date
- Nov 2006
- Location
- England. Ish.
- Gender
Re: Insecure connection?
Some browsers are now "enforcing" https connections rather than http for security purposes. You should be able to upate the browser settings to allow http (and the message usually gives some hint on how to do this).
What probably happened was that your factory reset also took out that settings update.Warning: This posting may contain wit, wisdom, pathos, irony, satire, sarcasm and puns. And traces of nut.
"The main skill of a good ruler seems to be not preventing the conflagrations but rather keeping them contained enough they rate more as campfires." Rogar Demonblud
"Hold on just a d*** second. UK has spam callers that try to get you to buy conservatories?!? Even y'alls spammers are higher class than ours!" Peelee
-
2017-08-12, 09:10 AM (ISO 8601)
- Join Date
- Sep 2013
Re: Insecure connection?
On this note, is there any plan to get a security cert for the site? The playground is one of the few places I visit that doesn't offer https:// these days, and while normally I don't think anything of it, I've been on the road and hesitant to log in to the forum from some of the open hotspots I've had to use. (Hurray for VPNs.)
My Homebrew A Return to Exile, a homebrew campaign setting.
Under Construction: Skills revamp for the Campaign Setting. I need to make a new index thread.
-
2017-08-25, 03:25 PM (ISO 8601)
- Join Date
- Jul 2009
Re: Insecure connection?
So apparently www.giantitp.com does support https (which is good) but uses a self-signed certificate (not so good). Basically this means that the connection between the server and a user is secure, but doesn't guarantee that the server is actually the real www.giantitp.com server. While it's not very likely that anyone would bother to perform a man-in-the-middle attack against this site, that's really no excuse to have such an obvious security hole, especially since Let's Encrypt is a free and widely used certificate authority.
-
2017-08-25, 04:03 PM (ISO 8601)
- Join Date
- Jul 2005
- Gender
Re: Insecure connection?
So, I was about to say that this may not be possible depending on their setup, but apparently certbot has a manual mode! Though it is a little time intensive, as you need to do this every 90 days. (A problem solved through automation if you have a VPS)
I'm actually going to go use manual mode on a server this weekend. (Using selfsigned for a minor webpage)Proud 1st edtion player!