sevo
Fokutorendaburando
Provided that the server uses basic authentication - DIGEST has already been around since 1997.
RFF login
- Thread starter Out to Lunch
- Start date
- Latest activity Latest activity:
- Replies 32
- Views 4K
Provided that the server uses basic authentication - DIGEST has already been around since 1997.
Timmyjoe
Veteran
I'm having trouble with the web site this morning. In the classified section, won't let me post anything. Is this something to do with the web site security?
Best,
-Tim
Best,
-Tim
sevo
Fokutorendaburando
Digest has a couple of issues, but none which would affect a standalone forum for used camera related banter. For example, it cannot share password hash databases with other authentication methods, and has no protection against man-in-the-middle attacks, and the client may override it. But there is no reason not to default to DIGEST - it is infinitely more safe than PLAIN auth.
These are "foreign correspondent" rules. Prudent if you work abroad, even more prudent if your employer offers a VPN protected Intranet. But it is pointless for user level web site access - VPN is a point-to-point and not a point-to-world technology...
Out to Lunch
Veteran
When opening the site with https I get a warning from Firefox that the site is not secure; when I then sign-in to a specific thread -on the basis of my https sign-in, I get a ''secure connection'' sign with the caveat that ''Firefox has blocked parts of this page that are not secure''. I encourage the Head Bartender to solve the issue.
ColSebastianMoran
( IRL Richard Karash )
Exactly the same here. Further, I use a password manager (1Password) that screams bloody murder if a site is unsecure re passwords. 1Password is happy with RFF.
Our tech world has become so complex, with so many variations in configuration, add-ons, extensions, etc. that we get different results on seemingly identical setups.
Stay safe:
- Different unique password for every site
- Never re-use passwords
- Password manager program to manage all this
- Don't go visiting weird sites
- Don't click on links in emails
- Hate to say it, but doubt validity of every "call to action" you see
ColSebastianMoran
( IRL Richard Karash )
Just checked this with Firefox on Mac. No problems, no warnings, here.
Again, variations and complexities from one setup to another.
Out to Lunch
Veteran
click on the 'lock' sign and see what you get. All this said, I don't have this problem with any other site I am using. Head Bartender what's your feedback?
RFF has tens of thousands of linked images on other servers. I think this is what Firefox is referring to as unsecure. There is no way for RFF to make image on other servers secure.
From day one, over two million posts ago, RFF was a http site. There have been no reported hacking of logins using http, probably because there was no money in it for the hacker. Classifieds payments are protected by Paypal security.
As the net matured suddenly http sites were supposedly more a threat than the day before and the shift went to https with warnings about http.
Last night we again started https - after having server problems with it before. For now it seems to be working fine.
I'm using Firefox and am getting no warnings on logging in.
Stephen
Bill Clark
Veteran
I hear of folks getting problems using free wi-fi. I don't use it.
I do business with E-Trade and they provide me with the device that I use to log in with 6 additional numbers (that rotates) after my password.
Have to be vigilant about opening emails and any attachments.
I've been told that Windows system is more vulnerable than Mac.
My wife's cousin was involved wih this during the early stages of developing security and sold his business to Verisign.
He said security and the internet is like keeping mice out of anyones home. You plug up one hole then they find another, then another and so-on.
I do business with E-Trade and they provide me with the device that I use to log in with 6 additional numbers (that rotates) after my password.
Have to be vigilant about opening emails and any attachments.
I've been told that Windows system is more vulnerable than Mac.
My wife's cousin was involved wih this during the early stages of developing security and sold his business to Verisign.
He said security and the internet is like keeping mice out of anyones home. You plug up one hole then they find another, then another and so-on.
sevo
Fokutorendaburando
Even when requested through https, the site still embeds scripts and graphics via http - Firefox might be showing a warning about that!
oftheherd
Veteran
Security on computers and phones (small computers) is constantly evolving and changing. Prudent people should always use the latest legitimate security software. More importantly keep up on what the latest is in threats and the security to counter it.
Also, try to learn how passwords are stored and transmitted. If the bad guys can get to the stored hash of the password, they can break it in a surprisingly short time.
Also, try to learn how passwords are stored and transmitted. If the bad guys can get to the stored hash of the password, they can break it in a surprisingly short time.
Steve Bellayr
Veteran
I stopped using Firefox as I found many problems with it.
