JohnDahl Posted August 29, 2018 Share Posted August 29, 2018 When I login to this site I get a warning pop-up, however the certificate itself it looks ok (except the amazon part). What is up? Is this a cert. configuration issue or is the login information really not routed via a secure connection? Link to comment Share on other sites More sharing options...
justsomeguy Posted August 29, 2018 Share Posted August 29, 2018 It looks like that form action does not use HTTPS. Link to comment Share on other sites More sharing options...
Ingolme Posted August 29, 2018 Share Posted August 29, 2018 It would be a good idea if they could update the forum to use a secure connection. Right now it's all over plain HTTP. Link to comment Share on other sites More sharing options...
justsomeguy Posted August 29, 2018 Share Posted August 29, 2018 I don't get any certificate warnings, but it looks like the canonical URL is set to HTTP, so it probably uses that for things like the form actions. Link to comment Share on other sites More sharing options...
dsonesuk Posted August 29, 2018 Share Posted August 29, 2018 Firefox version update 52 onwards start to give warning about insecure login with certificate warnings, but as http://w3schools.invisionzone.com is not fully actively using https throughout its site and even though it exists to use, it would swap from secure back to insecure so it was pointless trying to use the secure https: so i just set it to ignore, it just shows a question mark in site info icon. Link to comment Share on other sites More sharing options...
Html Posted August 30, 2018 Share Posted August 30, 2018 I wouldn't be too concerned, I think this forum has always been without a certificate. Link to comment Share on other sites More sharing options...
JohnDahl Posted August 31, 2018 Author Share Posted August 31, 2018 Well, I personally am not concerned about it since I use a different password, email and login ID for every site that requires a login (and store it all in passwordsafe), but anybody who uses the same information here as they do on facebook (or worse, their bank) should be concerned, especially if they access this site from a public wifi location where their information could be scraped. It blows my mind that in 2018 online companies don't use SSL's for every page, especially after eff.org started letsencrypt.org and made certs (with PFS even!) free for everyone. w3 school's use of this forum site looks like an endorsement of this practice. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now