Jump to content

Planned Maintenance 28/7/17


MtB
Notice added by staff member RichM

We value the feedback and opinions of our members and kindly request this topic to be used for providing us with constructive feedback.

Thank you :)

Featured Posts

20 hours ago, RichM said:

Further to the recent update, Canal World is now running over HTTPS/SSL and you should now see the associated padlock in your browser when accessing this site. In layman's terms, it means the site is more secure. It's a little overdue by today's standards in all honesty but there were some technical hurdles that delayed this.

Any issues, let me know.

RichM

Yes. Thanks a lot for this small but important detail.

It may be overdue by many standards, but still reasonably uncommon for forums of this size as I've seen.

 

Daniel

Link to comment
Share on other sites

On 30/07/2017 at 04:32, RichM said:

Further to the recent update, Canal World is now running over HTTPS/SSL and you should now see the associated padlock in your browser when accessing this site. In layman's terms, it means the site is more secure. It's a little overdue by today's standards in all honesty but there were some technical hurdles that delayed this.

Any issues, let me know.

RichM

 

Could you (or anyone) expand on this please? Secure in what respect?

Back in the day HTTPS simply meant the data being transmitted between client and server is encrypted, so packets containing secret stuff like credit card numbers could not be intercepted and copied by the bad guys for their nefarious purposes.

I don't see how it matters one jot if the web pages on a public forum are sent unencrypted because they will be displayed on the forum for anyone to read anyway. The whole point of a discussion forum! 

Edited by Mike the Boilerman
Link to comment
Share on other sites

14 minutes ago, Mike the Boilerman said:

I don't see how it matters one jot if the web pages on a public forum are sent unencrypted because they will be displayed on the forum for anyone to read anyway. The whole point of a discussion forum! 

I'm guessing alot of us use Public Wifi or Marina wifi, these are easy to intercept so you it would be feeble to get your password or session cookies.   The addition of HTTPS doesn't cost anything either for the cert (if got from one of the free places) or the machine power so it's not worth not doing.

Edited by Robbo
  • Greenie 1
Link to comment
Share on other sites

Anything which is https isn't cached by a local web browser. So its not worth simply blanket applying it everywhere, if its going to be public domain stuff anyway it may as well be http. There's a LOT of data sent from the web server which need not be secure, and a bit that is.

Link to comment
Share on other sites

3 minutes ago, Paul C said:

Anything which is https isn't cached by a local web browser. So its not worth simply blanket applying it everywhere, if its going to be public domain stuff anyway it may as well be http. There's a LOT of data sent from the web server which need not be secure, and a bit that is.

Web browsers will still cache https, unless the header in the html tells them not to (like http).   You will get a warning if you mix http and https on the same page which will confuse most users.  The session cookies should be encrypted.

  • Greenie 1
Link to comment
Share on other sites

In addition to what's already mentioned above, another concern of mine was that many web browsers now penalise sites that do not use HTTPS by displaying "Insecure" next to the URL in the address bar, some more prominently than others. We didn't want this to risk discouraging security conscious users from using or registering on Canal World.

Further reading: 
https://www.theregister.co.uk/2016/09/08/chrome_to_shame_non_https_sites/
http://www.pcworld.com/article/3161778/software/chrome-firefox-start-warning-users-when-websites-use-insecure-http-logins.html

Also, we plan to provide merchandise in the near future and this is another reason why it's appropriate to use HTTPS given that we will need to collect personal data from those who wish to purchase merchandise. (contact details & delivery addresses etc)

The SSL cert we use was issued by Comodo who are well known in the industry. It wasn't free though it wasn't expensive either.

Cheers

RichM

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.