Advanced search  
Pages: [1]   Go Down

Author Topic: Secure login for the Forum  (Read 20435 times)

Martin X. Moleski, SJ

  • Administrator
  • *
  • Posts: 3006
Secure login for the Forum
« on: August 11, 2009, 12:54:20 PM »

We have been required to encrypt all login pages on the site by our credit card company's security watchdog.

The simplest way that I've found to make this happen with the Forum software is to run the forum entirely in secure mode.

I don't know how this will look to regular users.  Because I have superuser privileges and because I jump through a lot of hoops when setting things up, my view of the board's operation is skewed.

You may be asked to accept a certificate from the site the next time you log into the Forum--or you may have to log in afresh even though you selected to remain logged in "Forever."

Please let me know if you have any difficulties with the new setup.

Thanks.

                 Marty
LTM,

           Marty
           TIGHAR #2359A
 
Logged

Martin X. Moleski, SJ

  • Administrator
  • *
  • Posts: 3006
Re: Secure login for the Forum
« Reply #1 on: August 12, 2009, 12:35:03 AM »

Please let me know if you have any difficulties with the new setup.

Pat and I have found several bugs in the changed setup.

It looks as though we'll have to run the Forum as an external link in order to make sure that it stays in secure mode (https://).

I'll work on developing a better skin for it tomorrow.  At the very least, we need the TIGHAR logo at the top and (ideally) a little bit of site navigation on the side.

Sorry for any difficulties all the experiments may have caused you today.  The growing pains are worth it, I think.

                         Marty
LTM,

           Marty
           TIGHAR #2359A
 
Logged

Norman Daly

  • T1
  • *
  • Posts: 16
Re: Secure login for the Forum
« Reply #2 on: August 12, 2009, 09:42:34 AM »

Hi Marty:

With the new security set-up, on each page that I navigate to (or away from), a window pops up with the following message: "This page contains both secure and non-secure items. Do you want to display the non-secure items?". This window occurs at each page that I go to, every time. I have to click "Yes" each time in order to continue to that page, or back to a previous one. Needless to say, this is no fun, and time consuming. Is there a local setting on my machine that I modify, or is this driven by the forum architecture? Please advise. Love to Mom, who hates clicking uneccessary buttons.
Norm Daly
4127R
 
Logged

Martin X. Moleski, SJ

  • Administrator
  • *
  • Posts: 3006
Re: Secure login for the Forum
« Reply #3 on: August 12, 2009, 12:08:10 PM »

With the new security set-up, on each page that I navigate to (or away from), a window pops up with the following message: "This page contains both secure and non-secure items. Do you want to display the non-secure items?". ...

Wow.  That's not good.

Stay tuned.  I'll see what I can find out.

{time passes}

Give this suggestion from Yahoo Answers a try:

"Go to tools/internet options/advanced, and scroll all the way down to second from bottom box and uncheck where it says "warn if changing between secure and unsecure mode" ... click ok or apply if there, and you will never see that annoying little box again."

                          Marty
LTM,

           Marty
           TIGHAR #2359A
 
« Last Edit: August 12, 2009, 12:13:57 PM by moleski »
Logged

Tim Collins

  • T4
  • ****
  • Posts: 316
Re: Secure login for the Forum
« Reply #4 on: August 12, 2009, 01:04:44 PM »

FYI - mine was already unchecked and I still get the warning box.

t
Logged

Martin X. Moleski, SJ

  • Administrator
  • *
  • Posts: 3006
Re: Secure login for the Forum
« Reply #5 on: August 12, 2009, 01:33:03 PM »

FYI - mine was already unchecked and I still get the warning box.

Bummer.

How about this:

1. Make tighar.org a trusted site.
tools/internet options/trusted sites/sites

Add tighar.org to the trust sites list.

2. Turn off prompting for mixed content in the trusted sites:
tools/internet options/trusted sites/custom level
Change display mixed content to "enable."


3. Turn off prompting for the Internet Zone:
tools/internet options/internet zone/custom level


4. Restart Internet Explorer just to make sure that the changes have taken effect.

Let me know if that helps.  Thanks!

                                    Marty

LTM,

           Marty
           TIGHAR #2359A
 
« Last Edit: August 12, 2009, 07:38:22 PM by moleski »
Logged

Norman Daly

  • T1
  • *
  • Posts: 16
Re: Secure login for the Forum
« Reply #6 on: August 12, 2009, 06:58:03 PM »

Ahoy Marty:

Like Tim, my "warn if changing" box was already unchecked...I'm still experienceing the warning window. And, making it a trusted site doesn't resolve the issue either. Any other thoughts? Love to Mom, who easily grows frustrated.
Norm Daly
4127R
 
Logged

Martin X. Moleski, SJ

  • Administrator
  • *
  • Posts: 3006
Re: Secure login for the Forum
« Reply #7 on: August 12, 2009, 07:26:02 PM »

Like Tim, my "warn if changing" box was already unchecked...I'm still experienceing the warning window. And, making it a trusted site doesn't resolve the issue either. Any other thoughts? Love to Mom, who easily grows frustrated.

Did you also do the custom fix pictured above (step 2) where you tell IE to enable mixed content and not prompt?

Just making it a trusted site is not enough.  You have to then disable prompting on your trusted sites.

If you have done that, then I'll go do more digging.

{time passes}

OK, more digging done.  I was wrong.  You have to change the setting for the Internet Zone to disable the @#$%&*! prompt:
tools/internet options/internet zone/custom level


I'll go correct my original instructions.

                        Marty
LTM,

           Marty
           TIGHAR #2359A
 
« Last Edit: August 12, 2009, 07:40:02 PM by moleski »
Logged

Martin X. Moleski, SJ

  • Administrator
  • *
  • Posts: 3006
Re: Secure login for the Forum
« Reply #8 on: August 12, 2009, 08:48:14 PM »

I've written a longer tutorial on how to get rid of the annoying IE security prompt.

Hope that helps.

                  Marty
LTM,

           Marty
           TIGHAR #2359A
 
Logged
Pages: [1]   Go Up
 

Copyright 2024 by TIGHAR, a non-profit foundation. No portion of the TIGHAR Website may be reproduced by xerographic, photographic, digital or any other means for any purpose. No portion of the TIGHAR Website may be stored in a retrieval system, copied, transmitted or transferred in any form or by any means, whether electronic, mechanical, digital, photographic, magnetic or otherwise, for any purpose without the express, written permission of TIGHAR. All rights reserved.

Contact us at: info@tighar.org • Phone: 610-467-1937 • Membership formwebmaster@tighar.org

Powered by MySQL SMF 2.0.18 | SMF © 2021, Simple Machines Powered by PHP