Not secure message in browser

The login pages here are secure (httpS) but as noted, the rest of the site is not. We store no financial info or other sensitive content here and we long ago changed login pages (where password data is passed) to meet current security standards.

The primary reason for not changing the rest of the site is that we have thousands of links in posts to offsite images and content that are not https. ALL those links would break. As the www updates it will be easier to make this change but for now we would rather retain that content then break it.

Last year google began to push websites to use https instead of http as a security update. A few months ago they began to actually began to display that little red triangle;"not secure" on browser address lines.

We hand coded an update to make the LOGIN page https. This is the page where user credentials are passed and the only sensitive data we store. Once a member has logged in the site reverts to http (and the alert begins to display in browsers). Using https on all pages actually breaks some things the forum. Offsite links and hosted images no longer work, ads don't display, photos, etc.

So... as you login the page is secure (https) but once you have logged in the regular site is http. Since no login/pass info is being sent on these pages we believe this is safe and reasonable. There's little we can do to change this until we move to a new forum software platform which eventually we will have to do.

You can read more about the google alerts here: https://www.wired.com/story/google-chrome-https-not-secure-label/
 
I sent an alert to "Contact" site team about an issue I had sending a message to another member. Problem is, one cannot attach a photo. So, here is a screen grab.

Is my issue to do with new log-in?
 

Attachments

  • Screen Shot 2019-04-09 at 6.42.02 PM.jpg
    Screen Shot 2019-04-09 at 6.42.02 PM.jpg
    58.1 KB · Views: 33
I cleared the cache a couple days previous to attempting to send email.
After sending the email and getting the URL message, I sent by PM.
Haven't had a response yet ( don't know if it's a technical or personal reason ).
 
My concern is non members can now follow member's travel plans for various reasons, some of which are not good.
 
My concern is non members can now follow member's travel plans for various reasons, some of which are not good.
"Now"? This has not changed. EscapeForum.org has never been encrypted, and even the login page was unencrypted until recently (so anyone "sniffing" your network traffic would see your password and could then login as you). The only change has been in the security standards of browsers, which now identify as "Not secure" sites which were previously not flagged as being anything of concern.

Don't they have to publicly post their plans for somebody to read them?
Yes.
Even if the forum were properly encrypted, as long as content can be read without logging in (as is the case for most forums) anything that anyone posts is completely public. So no, you really shouldn't post both your home address or actual identification and the fact the you are currently on a trip; prudent internet use practice would be to post a trip report when you get back. Each forum member can decide if that is a concern to them.
 
Last edited:
I always thought that the forum was a closed group, similar to those on Facebook, where only members can see posts and respond. Thus phishing would be minimal as well as any new member has to apply for joining.
 
I always thought that the forum was a closed group, similar to those on Facebook, where only members can see posts and respond. Thus phishing would be minimal as well as any new member has to apply for joining.
Kinda. I use a browser (where I'm not logged in) to test what others may see when they're not logged in either. Guests can view posts, not photos however and of course can't post. PLUS the forums are filled with nagging advertisements when not logged in. A lot of the functionality is disabled to guests, but not all.
 
I always thought that the forum was a closed group, similar to those on Facebook, where only members can see posts and respond. Thus phishing would be minimal as well as any new member has to apply for joining.


Did you ever notice on the bottom of the home page where it shows who's logged in? at the moment we have 24 members and 140 guests on line. That's a lot of non members reading what folks post.
 
My concern is non members can now follow member's travel plans for various reasons, some of which are not good.
Hi: cpaharley2008... It's now legal in Canada to take a "Trip" without leaving your armchair. Ontario is also " A place to grow". I'm getting more and more nervous about hanging out on line too.
I like your new byline... except in my world its "Time wounds all heals". No time like the present Eh? :whistling: Alf
escape artist N.S. of Lake Erie;)
 
Last edited:
Did you ever notice on the bottom of the home page where it shows who's logged in? at the moment we have 24 members and 140 guests on line. That's a lot of non members reading what folks post.

We should be compensated for providing entertainment value to all those lurkers. I would suggest you split your pay with the rest of us active members. :laugh:
 
I've been saving it up. I should have enough for a new trailer about the time this one falls apart.
 

New posts

Try RV LIFE Pro Free for 7 Days

  • New Ad-Free experience on this RV LIFE Community.
  • Plan the best RV Safe travel with RV LIFE Trip Wizard.
  • Navigate with our RV Safe GPS mobile app.
  • and much more...
Try RV LIFE Pro Today
Back
Top Bottom