MozillaZine

This site not using HTTPS...Why?

Talk about stuff specific to the site -- bugs, suggestions, and of course praise welcome.
BobbyPhoenix

User avatar
 
Posts: 80
Joined: April 24th, 2014, 5:58 am

Post Posted March 7th, 2017, 7:43 pm

So with the new release today when I went to login Firefox gave me the new popup that said the username and password fields are not secure. So why is that? Shouldn't MozillaZine be using HTTPS instead of just HTTP? I did notice the padlock in the address bar with the line through it before, but the popup really brought it to my attention. I feel very insecure logging in on a non HTTPS site.
Do, or do not. There is no try.

barbaz
 
Posts: 1680
Joined: October 1st, 2014, 3:25 pm

Post Posted March 7th, 2017, 9:18 pm

This has come up before - viewtopic.php?f=11&t=2950805

The upshot is this. The admin is quite short on time. And this board has several other, more important issues, like people getting locked out -
viewtopic.php?f=11&t=3026494
viewtopic.php?f=11&t=3027921
viewtopic.php?f=11&t=2824277

As for feeling very insecure? Just know the risk and take some simple steps to protect yourself. All the usual advice applies. Plus,
- don't log in when you're connected to an untrusted network, such as any shared WiFi you don't control, or a network you don't know the admin.
- And make sure that your password is very different from those you use on HTTPS sites.

Do that and you can feel better, you'll be fine. :)
*Always* check the changelogs BEFORE updating that important software!

BobbyPhoenix

User avatar
 
Posts: 80
Joined: April 24th, 2014, 5:58 am

Post Posted March 8th, 2017, 6:29 am

Thanks for the explanation, and links.
Do, or do not. There is no try.

barbaz
 
Posts: 1680
Joined: October 1st, 2014, 3:25 pm

Post Posted March 8th, 2017, 9:14 am

You're welcome. 8-)
*Always* check the changelogs BEFORE updating that important software!

therube

User avatar
 
Posts: 17994
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted May 28th, 2017, 5:00 am

(FWIW. Another board that recently went to the dark side, Please add SSL to the forum.)
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Mark12547
 
Posts: 140
Joined: May 13th, 2017, 11:36 am
Location: Oregon, United States, Earth

Post Posted August 10th, 2017, 1:07 pm

This board could also serve as a regression check to make sure that Firefox still notifies us that we are providing a password on an unsecured page. :)

The expected behavior now is that we are warned when supplying our password for this site, but not when we are supplying a password to our gateway device, which is usually a router.

flip101
New Member
 
Posts: 2
Joined: November 18th, 2017, 3:13 am

Post Posted November 18th, 2017, 3:19 am

Yeah this is a strange situation ... when mozilla tries to make firefox more secure. A forum about firefox has no security at all ... Now i have to send my password unencrypted over the internet :( Randomly generated for just this website ... but still. Certificates are free these days, and installation shouldn't be too difficult ..

Tony-E

User avatar
 
Posts: 8770
Joined: November 5th, 2004, 11:28 am

Post Posted November 18th, 2017, 4:49 am

I use different passwords for every site, if this one get's compromised, not much will happen other than somebody could answer Firefox questions whilst pretending to be me.

Sites that store confidential info need the extra security, for a sites like this it is not essential.

DanRaisch
Moderator

User avatar
 
Posts: 117994
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted November 18th, 2017, 5:23 am

Randomly generated for just this website ... but still.


Different passwords for each site (or type of site) is strongly recommended anyway. Sort of the opposite of using "password" as the password for every site.

Return to MozillaZine Site Discussion


Who is online

Users browsing this forum: No registered users and 3 guests