Author Topic: Take advantage of secure connections to our site (updated HTTPS certificates) (Read 7548 times)

Shlomo · « **on:** May 31, 2013, 12:08:19 PM »

We now have updated security certificates if you wish to take advantage of secure connections to our site.

Simply access the site via HTTPS instead of HTTP or make a shortcut to this link:

https://jtf.org/forum

This creates an encrypted channel between you and our server for extra protection and privacy.

angryChineseKahanist · « **Reply #1 on:** May 31, 2013, 01:49:13 PM »

works.
I didn't get a scarey message.

you should enforce ssl on all members.

Ephraim Ben Noach · « **Reply #2 on:** May 31, 2013, 02:27:21 PM »

You should sticky this. And what is it for?

muman613 · « **Reply #3 on:** May 31, 2013, 03:07:01 PM »

Quote from: אפרים בן נח on May 31, 2013, 02:27:21 PM

You should sticky this. And what is it for?

Shlomo said what it is for... HTTPS is an encrypted HTTP (web) connection. Usually all information transferred between you and the server goes over the wire in what is called 'plain text' which means that anyone (usually referring to Big Brother, or others you do not want to read your personal information) could snoop on the 'packets' which are sent as part of the TCP/IP protocol and determine what you are reading and writing. Within an organization it is possible for IT to monitor all network connections (either by human monitoring, or software monitoring) so they can (if they want) determine what employees are doing with the network.

Now HTTPS provides an encryption/decryption layer where only the sender and receiver know who they are communicating with and outsiders will not be able to determine the contents of the packets (which appear as random information to the observer)...

I think I will soon start to use the HTTPS connection here at work...

Thank you Shlomo..

muman613 · « **Reply #4 on:** May 31, 2013, 03:07:49 PM »

http://en.wikipedia.org/wiki/Https

Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.

In its popular deployment on the internet, HTTPS provides authentication of the web site and associated web server that one is communicating with, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication.[1] In practice, this provides a reasonable guarantee that one is communicating with precisely the web site that one intended to communicate with (as opposed to an imposter), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.

Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems. In the late 2000s and early 2010s, HTTPS began to see widespread use for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

A site must be completely hosted over HTTPS, without having some of its contents loaded over HTTP, or the user will be vulnerable to some attacks and surveillance. E.g. Having scripts etc. loaded insecurely on an HTTPS page makes the user vulnerable to attacks. Also having only a certain page that contains sensitive information (such as a log-in page) of a website loaded over HTTPS, while having the rest of the website loaded over plain HTTP will expose the user to attacks. On a site that has sensitive information somewhere on it, every time that site is accessed with HTTP instead of HTTPS, the user and the session will get exposed. Similarly, cookies on a site served through HTTPS have to have the secure attribute enabled.[2]

muman613 · « **Reply #5 on:** May 31, 2013, 04:29:21 PM »

Shlomo,

There is an issue when using HTTPS with the forum...

The issue is that inline-videos do not appear when using the secure HTTP protocol. I don't know why this is the case, but it is something you should look into...

For example:

(will not display when using https)

https://www.youtube.com/watch?v=A5_FL1s5bps

Zelhar · « **Reply #6 on:** May 31, 2013, 04:52:12 PM »

Quote from: muman613 on May 31, 2013, 04:29:21 PM

Shlomo,

There is an issue when using HTTPS with the forum...

The issue is that inline-videos do not appear when using the secure HTTP protocol. I don't know why this is the case, but it is something you should look into...

For example:

(will not display when using https)

https://www.youtube.com/watch?v=A5_FL1s5bps

I can see the embedded video through https.

muman613 · « **Reply #7 on:** May 31, 2013, 05:18:58 PM »

Quote from: Zelhar on May 31, 2013, 04:52:12 PM

I can see the embedded video through https.

When accessing JTF using https://jtf.org/forum the inline video is not displayed...

https://jtf.org/forum/index.php/topic,69641.msg595904.html#msg595904

It definitely is not working from my work connection.

angryChineseKahanist · « **Reply #8 on:** May 31, 2013, 08:14:17 PM »

mike, I just saw the youtube video. I'm on ssl right now.

muman613 · « **Reply #9 on:** May 31, 2013, 08:18:50 PM »

Quote from: angryChineseKahanist on May 31, 2013, 08:14:17 PM

mike, I just saw the youtube video. I'm on ssl right now.

Strange,

It still is not working in my google chrome Version 27.0.1453.93 browser...

I will try on Saturday night (after Shabbat is over) from home...

angryChineseKahanist · « **Reply #10 on:** June 01, 2013, 07:44:50 PM »

Quote from: muman613 on May 31, 2013, 08:18:50 PM

Strange,

It still is not working in my google chrome Version 27.0.1453.93 browser...

I will try on Saturday night (after Shabbat is over) from home...

how the hell are they in version 27? chrome has only been around a few years.
even microsoft internet extinguisher is in ver 10 and they have been around since the nutscrape navigator days. we're talking about the 1990s.

Ephraim Ben Noach · « **Reply #11 on:** June 26, 2013, 09:08:28 PM »

Could someone sticky this?

muman613 · « **Reply #12 on:** June 26, 2013, 09:43:01 PM »

Still unable to see embedded videos when using HTTPS...

muman613 · « **Reply #13 on:** June 26, 2013, 09:45:29 PM »

Ok... It seems that HTTPS works with short youtube links (with the youtu.be address)...

But the full youtube.com link doesnt seem to display:

Ephraim Ben Noach · « **Reply #14 on:** June 26, 2013, 09:58:43 PM »

Yes, you have to go to youtube on a computer version and copy from the share address, a mobile url will not work...

If we are even talking about the same thing...

muman613 · « **Reply #15 on:** June 26, 2013, 10:15:17 PM »

Quote from: אפרים בן נח on June 26, 2013, 09:58:43 PM

Yes, you have to go to youtube on a computer version and copy from the share address, a mobile url will not work...

If we are even talking about the same thing...

I observe that a full youtube link to a video will not display when accessing the site using HTTPS address... But if I use the shortened URL from the 'share video' which has a doman of youtu.be then the video does display when using HTTPS.

Ephraim Ben Noach · « **Reply #16 on:** June 26, 2013, 10:23:40 PM »

Quote from: muman613 on June 26, 2013, 10:15:17 PM

I observe that a full youtube link to a video will not display when accessing the site using HTTPS address... But if I use the shortened URL from the 'share video' which has a doman of youtu.be then the video does display when using HTTPS.

Agreed.

Ephraim Ben Noach · « **Reply #17 on:** June 27, 2013, 07:43:16 PM »

Quote from: אפרים בן נח on June 26, 2013, 09:08:28 PM

Could someone sticky this?

Why didn't someone tell me you just have to add a s to http?

Debbie Shafer · « **Reply #18 on:** July 14, 2013, 03:09:44 PM »

Good to know this!

Debbie Shafer · « **Reply #19 on:** August 07, 2013, 03:44:57 PM »

Also glad for the tips on spying by... Verizon, Google, Yahoo, and other email websites.

Shlomo · « **Reply #20 on:** August 18, 2013, 08:34:08 PM »

Unfortunately, if you view the site in HTTPS, the videos will not display because they are not HTTPS (called mixed-mode content).

Firefox added this blocking in the latest version. Here is a work around... albeit a terrible work around that only works for one page at a time:
https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/

Super Mentalita · « **Reply #21 on:** July 19, 2014, 07:51:25 PM »

Ok, i dont know nothing about computers but for some reason when i post a youtube video i only see the link and not the screen-video... Someone knows what to do?

Zelhar · « **Reply #22 on:** July 20, 2014, 04:30:56 AM »

There is a "share" box bellow every youtube video, post the link from there and it will be embedded.

Quote from: Super Mentalita on July 19, 2014, 07:51:25 PM

Ok, i dont know nothing about computers but for some reason when i post a youtube video i only see the link and not the screen-video... Someone knows what to do?

Super Mentalita · « **Reply #23 on:** July 20, 2014, 01:53:56 PM »

Quote from: Zelhar on July 20, 2014, 04:30:56 AM

There is a "share" box bellow every youtube video, post the link from there and it will be embedded.

Aye that is working thank you!