MozillaZine

MozillaZine login page NOT https?

Talk about stuff specific to the site -- bugs, suggestions, and of course praise welcome.
machi1x
 
Posts: 12
Joined: March 9th, 2013, 2:39 pm

Post Posted December 11th, 2017, 1:15 pm

Maybe this is just me but I went to the login page using the URL I have bookmarked - ucp.php?mode=login - and immediately saw it was not secure. Checked and saw the link I had stored is http:// but the page was the one I would use to log in - asking for username and password. I tried changing the URL to https and got a 404 message. Am I using an old link?
Thanks.

DanRaisch
Moderator

User avatar
 
Posts: 119724
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted December 11th, 2017, 1:52 pm

No, you're not. The forum doesn't use HTTPS, only HTTP.

makaiguy

User avatar
 
Posts: 16618
Joined: November 18th, 2002, 6:44 pm
Location: Somewhere in SE USA

Post Posted December 11th, 2017, 2:55 pm

Starting with Ver 52, FFox pops up a warning when attempting to log into sites not accessed via a secure connection (i.e. those using non-secured http protocol instead of secured https protocol). The warning correctly points out that your login name and password are being transmitted in the clear where they can be captured by any server along the way.

This does not mean that the site you are trying to log in to has suddenly become insecure. This situation has always been there, but the folks at Mozilla just decided they'd warn you about it. Reportedly Chrome is now doing the same thing.

To avoid the warning:
  1. If the site supports a secure https connection, use that instead of http. Your transmission will be encrypted and only readable by your destination site.

  2. If you just don't want FFox to warn you of these insecure connections, do this:
    • Enter about:config in the Address/URL bar.
    • Press the button to agree to be careful (if you haven't done this previously).
    • Enter insecure in the Filter bar to limit display to just options containing 'insecure'.
    • Double-click on each of the following two options to toggle them between true and false. Set them to false:
      security.insecure_field_warning.contextual.enabled
      security.insecure_password.ui.enabled
    • Enter autofill in the Search bar.
    • Double-click on signon.autofillForms.http and toggle it to true.
    NOTE: if any of the above options are not found, you can create them manually. Right-click (control-click on Apple) an empty space in the option list. Click New | Boolean. Enter the option name and appropriate true/false value.
Doug Wilson, "The Makai Guy"
Win10 (64bit): FF 52.9.0 ESR (64bit), TB 52.8.0 (32bit) ║ Android 8.0/7.1.1: FF 60.0.2 No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers

Return to MozillaZine Site Discussion


Who is online

Users browsing this forum: No registered users and 5 guests