TIGHAR

Forum FAQs, maintenance, how-to help => Forum FAQs and problem solving => Topic started by: Martin X. Moleski, SJ on August 11, 2009, 12:54:20 PM

Title: Secure login for the Forum
Post by: Martin X. Moleski, SJ on August 11, 2009, 12:54:20 PM
We have been required to encrypt all login pages on the site by our credit card company's security watchdog.

The simplest way that I've found to make this happen with the Forum software is to run the forum entirely in secure mode.

I don't know how this will look to regular users.  Because I have superuser privileges and because I jump through a lot of hoops when setting things up, my view of the board's operation is skewed.

You may be asked to accept a certificate from the site the next time you log into the Forum--or you may have to log in afresh even though you selected to remain logged in "Forever."

Please let me know if you have any difficulties with the new setup.

Thanks.

                 Marty
Title: Re: Secure login for the Forum
Post by: Martin X. Moleski, SJ on August 12, 2009, 12:35:03 AM
Please let me know if you have any difficulties with the new setup.

Pat and I have found several bugs in the changed setup.

It looks as though we'll have to run the Forum as an external link in order to make sure that it stays in secure mode (https://).

I'll work on developing a better skin for it tomorrow.  At the very least, we need the TIGHAR logo at the top and (ideally) a little bit of site navigation on the side.

Sorry for any difficulties all the experiments may have caused you today.  The growing pains are worth it, I think.

                         Marty
Title: Re: Secure login for the Forum
Post by: Norman Daly on August 12, 2009, 09:42:34 AM
Hi Marty:

With the new security set-up, on each page that I navigate to (or away from), a window pops up with the following message: "This page contains both secure and non-secure items. Do you want to display the non-secure items?". This window occurs at each page that I go to, every time. I have to click "Yes" each time in order to continue to that page, or back to a previous one. Needless to say, this is no fun, and time consuming. Is there a local setting on my machine that I modify, or is this driven by the forum architecture? Please advise. Love to Mom, who hates clicking unnecessary buttons.
Title: Re: Secure login for the Forum
Post by: Martin X. Moleski, SJ on August 12, 2009, 12:08:10 PM
With the new security set-up, on each page that I navigate to (or away from), a window pops up with the following message: "This page contains both secure and non-secure items. Do you want to display the non-secure items?". ...

Wow.  That's not good.

Stay tuned.  I'll see what I can find out.

{time passes}

Give this suggestion from Yahoo Answers (http://answers.yahoo.com/question/index?qid=20080506032248AAv4Ulh) a try:

"Go to tools/internet options/advanced, and scroll all the way down to second from bottom box and uncheck where it says "warn if changing between secure and unsecure mode" ... click ok or apply if there, and you will never see that annoying little box again."

                          Marty
Title: Re: Secure login for the Forum
Post by: Tim Collins on August 12, 2009, 01:04:44 PM
FYI - mine was already unchecked and I still get the warning box.

t
Title: Re: Secure login for the Forum
Post by: Martin X. Moleski, SJ on August 12, 2009, 01:33:03 PM
FYI - mine was already unchecked and I still get the warning box.

Bummer.

How about this:

1. Make tighar.org a trusted site.
tools/internet options/trusted sites/sites
(http://content.screencast.com/users/moleski/folders/Jing/media/3093a09b-cf14-4e76-9d65-e00392326d6e/2009-08-12_1527.png)
Add tighar.org to the trusted sites list.

2. Turn off prompting for mixed content in the trusted sites:
tools/internet options/trusted sites/custom level
Change display mixed content to "enable."
(http://content.screencast.com/users/moleski/folders/Jing/media/7e2cd5ab-6e7c-48e9-891e-bcaec3fe273c/2009-08-12_1530.png)

3. Turn off prompting for the Internet Zone:
tools/internet options/internet zone/custom level
(http://content.screencast.com/users/moleski/folders/Jing/media/c6996f9e-49c4-4f94-a3bc-d7e7e5528f01/2009-08-12_2131.png)

4. Restart Internet Explorer just to make sure that the changes have taken effect.

Let me know if that helps.  Thanks!

                                    Marty

Title: Re: Secure login for the Forum
Post by: Norman Daly on August 12, 2009, 06:58:03 PM
Ahoy Marty:

Like Tim, my "warn if changing" box was already unchecked...I'm still experiencing the warning window. And, making it a trusted site doesn't resolve the issue either. Any other thoughts? Love to Mom, who easily grows frustrated.
Title: Re: Secure login for the Forum
Post by: Martin X. Moleski, SJ on August 12, 2009, 07:26:02 PM
Like Tim, my "warn if changing" box was already unchecked...I'm still experiencing the warning window. And, making it a trusted site doesn't resolve the issue either. Any other thoughts? Love to Mom, who easily grows frustrated.

Did you also do the custom fix pictured above (step 2) where you tell IE to enable mixed content and not prompt?

Just making it a trusted site is not enough.  You have to then disable prompting on your trusted sites.

If you have done that, then I'll go do more digging.

{time passes}

OK, more digging done.  I was wrong.  You have to change the setting for the Internet Zone to disable the @#$%&*! prompt:
tools/internet options/internet zone/custom level
(http://content.screencast.com/users/moleski/folders/Jing/media/c6996f9e-49c4-4f94-a3bc-d7e7e5528f01/2009-08-12_2131.png)

I'll go correct my original instructions.

                        Marty
Title: Re: Secure login for the Forum
Post by: Martin X. Moleski, SJ on August 12, 2009, 08:48:14 PM
I've written a longer tutorial on how to get rid of the annoying IE security prompt. (http://tighar.org/news/help/81-how-do-i-configure-ie-to-get-rid-of-the-annoying-security-prompt-in-the-forum)

Hope that helps.

                  Marty
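
The prompt quoted in this thread appears when a page loaded over https:// pulls in images, scripts or style sheets over http://, so it can also be addressed in the forum's templates rather than in each visitor's browser settings. The following is an added example, not part of the original posts or of the forum software: a Python scanner that lists the http:// fetches and form targets in a page's HTML. The host names, file paths and the `scan` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs whose URL the browser fetches while rendering the page.
# <a href> is deliberately absent: a link is navigation, not page content.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("frame", "src"),
    ("embed", "src"), ("input", "src"), ("object", "data"), ("body", "background"),
}
LINK_RELS = {"stylesheet", "icon"}  # <link rel> values that trigger a fetch

class MixedContentScanner(HTMLParser):
    """Collect http:// fetches and form targets in a page served over https://."""
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url   # replaced if the page carries <base href>
        self.findings = []     # (kind, tag, resolved URL)

    def _check(self, kind, tag, value):
        url = urljoin(self.base, value.strip())  # resolves relative and //host URLs
        if urlsplit(url).scheme == "http":
            self.findings.append((kind, tag, url))

    def handle_starttag(self, tag, attrs):
        a = {k: v for k, v in attrs if v}
        if tag == "base" and "href" in a:
            self.base = urljoin(self.base, a["href"])
        elif tag == "form" and "action" in a:
            self._check("insecure-form", tag, a["action"])
        elif tag == "link" and "href" in a:
            if LINK_RELS & set(a.get("rel", "").lower().split()):
                self._check("mixed-content", tag, a["href"])
        else:
            for name, value in a.items():
                if (tag, name) in SUBRESOURCE_ATTRS:
                    self._check("mixed-content", tag, value)

def scan(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: fragments of a forum page after the switch to https://
SAMPLE = """<link rel="stylesheet" href="http://forum.example/Themes/style.css">
<script src="//forum.example/scripts/script.js"></script>
<img src="http://www.site.example/images/logo.gif" alt="logo">
<img src="Themes/images/on.gif"> <a href="http://www.site.example/">Home</a>
<form action="http://forum.example/index.php?action=login2" method="post"></form>"""
```

Calling `scan("https://forum.example/index.php", SAMPLE)` reports the style sheet, the logo image and the login form; the protocol-relative script, the relative image and the plain link are not flagged because they resolve to https:// or are not fetched with the page.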