The Cellar
Page 3 of 14 12 3 4567891013 Last »
Show 60 post(s) from this thread on one page

The Cellar (http://cellar.org/index.php)
-   Cellar Meta (http://cellar.org/forumdisplay.php?f=3)
-   -   Converting to https (http://cellar.org/showthread.php?t=32417)

glatt 12-28-2016 04:10 PM
I know nothing about this stuff, so maybe this is a dumb question. But I don't think it's critical that old hotlinked images be displayed. Can you just break the image link and leave the text link there, pointing to the picture?

footfootfoot 12-28-2016 04:11 PM
Well, that'll serve us for hotlinking.

And while "converting to https," invites the response, "Yeah, you know me." it doesn't really want it to come to the party because of the superfluous s at the end. So, no.

xoxoxoBruce 12-28-2016 04:13 PM
Or download the image, break the link and put the image back in the post, but only UT and the mods can do that.

glatt 12-28-2016 04:14 PM
Yeah, I'm not fixing thousands of hot linked images.

footfootfoot 12-28-2016 04:26 PM
Quote:
Originally Posted by glatt (Post 977716)
Yeah, I'm not fixing thousands of hot linked images.
Slacker

Undertoad 12-28-2016 04:54 PM
And it may not matter all that much either.

Google is downgrading pages not served up with https, and soon they will be sending warnings about any page that appears to be collecting password or credit card data over a page without https.

Do they downgrade if the page is secure, but contains insecure sections? I don't know.

It's an issue because, if you're not logged in, every Cellar page has a login box at the top.

The register page is entirely secure...

Undertoad 12-28-2016 05:21 PM
We are currently enforcing https, which means if people are browsing with http they will get rudely re-directed to the https version.

Let's see if any issues are reported in the next hour or so

sexobon 12-28-2016 05:24 PM
One probably has to look outside of database fixes as some folks did with phpBB by creating an extension that runs hyperlinked http requests through an SSL image proxy server which rewrites them to https to appear as secure for viewing. I don't know if anything like this has ever been developed for vBulletin; but, it might be worth looking around for. If you find something, it might be worth bringing back the tip mug to pay for it. I suppose you could do a poll.

Quote:
... Background Information:
If a phpBB board is served from a https:// server, it will generally behave well as a secure site, but any image links posted by users as http://... will appear to browsers to be insecure content, in some browsers promoting a security warning dialogue, and in other browsers resulting in the image becoming inaccessible.

A direct solution of converting the image links in the phpBB database is generally impractical, so an accepted solution is to use a SSL proxy to make the images appear to be secure. Camo is an example of such a proxy.

With this extension installed, when a phpBB page is being loaded by a user, links to http://... images are rewritten so that they become https:// links to the camo proxy server, with the original link address encoded into the new link. The user's browser then requests the image from the camo proxy which accesses the original location and re-serves it on-the-fly using the https:// protocol. ...

Undertoad 12-28-2016 05:31 PM
The long run plan is to get away from vBulletin though, cos vBulletin has lost its mojo. But it may be possible to proxy these requests anyway... looking into it...

Flint 12-28-2016 05:35 PM
Quote:
Originally Posted by sexobon (Post 977735)
One probably has to look outside of database fixes as some folks did with phpBB by creating an extension that runs hyperlinked http requests through an SSL image proxy server which rewrites them to https to appear as secure for viewing. I don't know if anything like this has ever been developed for vBulletin; but, it might be worth looking around for. If you find something, it might be worth bringing back the tip mug to pay for it. I suppose you could do a poll.
That sounds like the ungrounded electrical socket adapters, that let you plug three-pronged plugs into two-pronged outlets. You can plug the thing in, but it isn't really grounded. It just bypasses the security feature. If I understand correctly, this is what you mean by "appear as" secure.

Conversely, I'm not a big fan of data rot, so there's that...

Undertoad 12-28-2016 05:40 PM
It is interesting to notice how many sites on the net have this issue... and how many won't even serve up https versions. https://cnn.com serves up a ton of http:

This may give us some Google mojo.

sexobon 12-28-2016 05:40 PM
@ Flint,

Yes, unfortunately, it only preserves viewing ability.

xoxoxoBruce 12-28-2016 06:01 PM
1 Attachment(s)
Clicking on the link in post 41.
.

fargon 12-28-2016 07:54 PM
I'm getting the privacy message. I'll come back tomorrow when the people that know what they are doing get done.

BigV 12-29-2016 12:08 AM
Quote:
Originally Posted by Undertoad (Post 977708)
snip--

Changing ALL hotlinked images is going to be a drag, or at least, a dangerous thing. I'm not sure it can even be done. There's no global search and replace in the forum software. Each one of those images is linked with an insecure permanent BBCODE bit of text. The change has to happen at database level and it has the potential to break things.
when you say BBCODE bit of *text*, do you really mean it's a text string that you can find and edit? Albeit, metric monkeytons of them, sure.

I ask, because I have an editor that can handle very, very large files. I've only bothered to try it on text files, not... other files. And I don't know what kind of files you're dealing with wrt the places where the offending "BBCODE bit of text" is.

The editor is at work and my brain is offline. If you're interested, indicate that and I'll dig up the editor / link info for you. The tool all by itself is impressive.


All times are GMT -5. The time now is 06:08 PM.
Page 3 of 14 12 3 4567891013 Last »
Show 60 post(s) from this thread on one page

Powered by: vBulletin Version 3.8.1
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.