Board index PBase Questions and Answers Pbase Not A Secure Site?

Questions and Answers

Pbase Not A Secure Site?

Ask if you need help using PBase.
wingspar
 
Posts: 80

Pbase Not A Secure Site?

Post Mon Apr 24, 2017 11:47 pm


When I login to get to my gallery, I now get this message before I login.

“This connection is not secure. Logins entered here could be compromised”.

Apparently, this is a new feature of Firefox 52.0 and newer. What gives with this?

dw_thomas
 
Posts: 481

Re: Pbase Not A Secure Site?

Post Tue Apr 25, 2017 3:00 am


I believe the latest Firefox puts that up when the login page URL does not start with https:// vs http://. The https: is a secure (encrypted) protocol for the login. The bookmark I have set normally logs me in without my typing, and I have not seen that at PBase (I have elsewhere). I do see a little circled lower case 'i' at the left end of the address bar. If I click on that, it tells me the connection is "not secure" and the next level says "not private." One might hope PBase will do something about that, but rapid response does not seem to be in their repertoire.

DaveT

akmc_in_au
 
Posts: 954

Re: Pbase Not A Secure Site?

Post Tue Apr 25, 2017 10:56 am


wingspar wrote:When I login to get to my gallery, I now get this message before I login.

“This connection is not secure. Logins entered here could be compromised”.

Apparently, this is a new feature of Firefox 52.0 and newer. What gives with this?


It's just Mozilla treating us all like idiots. I go into the back end of Firefox and turn that annoying sod of a feature off. You can do that by entering this in the address bar:
Code: Select all
about:config


Then searching for the setting:
Code: Select all
security.insecure_password.ui.enabled


and double clicking on it to change it from True to False. It will take effect after a browser restart.

This throws the onus back on you to ensure that you check that you're dealing with a secure site... when it matters. Personally I've always done that so I don't need Firefox throwing up an annoying, textbox-obscuring (on some sites) dialog to tell me what I already know.

As Dave said, you will get this if you are logging onto a site which does not use the HTTPS protocol; that is, one which doesn't use secure socket layers (SSL) to encrypt data transmissions between you and the server. (If you don't know about SSL, ignore that and just read the rest of it.) Back in the late 90's / early 2000s when PBase had its genesis, the use of that protocol or similar was pretty much limited to web sites where you really needed encryption; banking sites and the like. (And now, as then, you should never, ever submit financial information (including credit card details) through a site which does not use HTTPS.) However PBase has always used that for its payments page; if you go there you'll see that the address is https://secure.pbase.com/cart.html

It probably seemed less important to implement it in the main accounts because let's be honest, the desire to spend the time hacking PBase accounts probably isn't out there. There wouldn't be much to gain from it.

These days implementing SSL has become easier than it once was and a lot of websites use it as their default; Flickr, for example, is at https://www.flickr.com/ . There still are some older sites that I visit where the login page still uses plain old HTTP; they're diminishing, but they still exist.

Will the main PBase site ever implement HTTPS? Aaaaahhhh... I think we know the likely answer to that. They probably should, but we know that they won't.

Does it matter in the overall scheme of things? If Vladimir Putin declares a vendetta against the site, maybe. Otherwise, maybe not so much.

wingspar
 
Posts: 80

Re: Pbase Not A Secure Site?

Post Wed Apr 26, 2017 4:57 pm


If you click on that message when you log into an unsecure site, it will take you to a Firefox page that explains what it is. I did not see that before I started this thread. I did not know that little “i” in the circle next to the URL gave you that info about the site you are on. Someone in another forum gave me the directions in about:config to turn it off, but I think I’ll just leave it on. I had no idea at all that so many sites do not use a secure login and by leaving it on, I will know if I am logging into an unsecure site. Important as I do not want to use a credit card at an unsecure site.


Board index PBase Questions and Answers Pbase Not A Secure Site?

Who is online

Users browsing this forum: No registered users and 3 guests