The Cellar  

Go Back   The Cellar > Cellar-related > Cellar Meta

Cellar Meta Users, threads, etiquette, posting, usage, forums, why this place matters or doesn't

Reply
 
Thread Tools Display Modes
Old 12-28-2016, 04:10 PM   #31
glatt
 
Join Date: Jul 2003
Location: Arlington, VA
Posts: 25,469
I know nothing about this stuff, so maybe this is a dumb question. But I don't think it's critical that old hotlinked images be displayed. Can you just break the image link and leave the text link there, pointing to the picture?
glatt is offline   Reply With Quote
Old 12-28-2016, 04:11 PM   #32
footfootfoot
I may have overstated my temerity's degree of mitigation.
 
Join Date: Aug 2004
Location: in the house and on the street
Posts: 18,064
Well, that'll serve us for hotlinking.

And while "converting to https," invites the response, "Yeah, you know me." it doesn't really want it to come to the party because of the superfluous s at the end. So, no.
__________________
the internet is a hateful stew of vomit you can never take completely seriously? - Her Fobs
footfootfoot is offline   Reply With Quote
Old 12-28-2016, 04:13 PM   #33
xoxoxoBruce
The future is unwritten
 
Join Date: Oct 2002
Posts: 59,405
Or download the image, break the link and put the image back in the post, but only UT and the mods can do that.
__________________
Everything is interesting... look closer.
xoxoxoBruce is offline   Reply With Quote
Old 12-28-2016, 04:14 PM   #34
glatt
 
Join Date: Jul 2003
Location: Arlington, VA
Posts: 25,469
Yeah, I'm not fixing thousands of hot linked images.
glatt is offline   Reply With Quote
Old 12-28-2016, 04:26 PM   #35
footfootfoot
I may have overstated my temerity's degree of mitigation.
 
Join Date: Aug 2004
Location: in the house and on the street
Posts: 18,064
Quote:
Originally Posted by glatt View Post
Yeah, I'm not fixing thousands of hot linked images.
Slacker
__________________
the internet is a hateful stew of vomit you can never take completely seriously? - Her Fobs
footfootfoot is offline   Reply With Quote
Old 12-28-2016, 04:54 PM   #36
Undertoad
Miserable contrarian
 
Join Date: Jan 2001
Location: Cottage of Prussia
Posts: 28,575
And it may not matter all that much either.

Google is downgrading pages not served up with https, and soon they will be sending warnings about any page that appears to be collecting password or credit card data over a page without https.

Do they downgrade if the page is secure, but contains insecure sections? I don't know.

It's an issue because, if you're not logged in, every Cellar page has a login box at the top.

The register page is entirely secure...
Undertoad is offline   Reply With Quote
Old 12-28-2016, 05:21 PM   #37
Undertoad
Miserable contrarian
 
Join Date: Jan 2001
Location: Cottage of Prussia
Posts: 28,575
We are currently enforcing https, which means if people are browsing with http they will get rudely re-directed to the https version.

Let's see if any issues are reported in the next hour or so
Undertoad is offline   Reply With Quote
Old 12-28-2016, 05:24 PM   #38
sexobon
^it sings^
 
Join Date: Oct 2009
Posts: 6,714
One probably has to look outside of database fixes as some folks did with phpBB by creating an extension that runs hyperlinked http requests through an SSL image proxy server which rewrites them to https to appear as secure for viewing. I don't know if anything like this has ever been developed for vBulletin; but, it might be worth looking around for. If you find something, it might be worth bringing back the tip mug to pay for it. I suppose you could do a poll.

Quote:
... Background Information:
If a phpBB board is served from a https:// server, it will generally behave well as a secure site, but any image links posted by users as http://... will appear to browsers to be insecure content, in some browsers promoting a security warning dialogue, and in other browsers resulting in the image becoming inaccessible.

A direct solution of converting the image links in the phpBB database is generally impractical, so an accepted solution is to use a SSL proxy to make the images appear to be secure. Camo is an example of such a proxy.

With this extension installed, when a phpBB page is being loaded by a user, links to http://... images are rewritten so that they become https:// links to the camo proxy server, with the original link address encoded into the new link. The user's browser then requests the image from the camo proxy which accesses the original location and re-serves it on-the-fly using the https:// protocol. ...
sexobon is offline   Reply With Quote
Old 12-28-2016, 05:31 PM   #39
Undertoad
Miserable contrarian
 
Join Date: Jan 2001
Location: Cottage of Prussia
Posts: 28,575
The long run plan is to get away from vBulletin though, cos vBulletin has lost its mojo. But it may be possible to proxy these requests anyway... looking into it...
Undertoad is offline   Reply With Quote
Old 12-28-2016, 05:35 PM   #40
Flint
Libturd Snowflake
 
Join Date: Mar 2006
Location: Coastal Elite
Posts: 11,877
Quote:
Originally Posted by sexobon View Post
One probably has to look outside of database fixes as some folks did with phpBB by creating an extension that runs hyperlinked http requests through an SSL image proxy server which rewrites them to https to appear as secure for viewing. I don't know if anything like this has ever been developed for vBulletin; but, it might be worth looking around for. If you find something, it might be worth bringing back the tip mug to pay for it. I suppose you could do a poll.
That sounds like the ungrounded electrical socket adapters, that let you plug three-pronged plugs into two-pronged outlets. You can plug the thing in, but it isn't really grounded. It just bypasses the security feature. If I understand correctly, this is what you mean by "appear as" secure.

Conversely, I'm not a big fan of data rot, so there's that...
__________________
******************
There's a level of facility that everyone needs to accomplish, and from there
it's a matter of deciding for yourself how important ultra-facility is to your
expression. ... I found, like Joseph Campbell said, if you just follow whatever
gives you a little joy or excitement or awe, then you're on the right track.

. . . . . . . . . . . . . . . . . . . . . . . . . . Terry Bozzio
Flint is offline   Reply With Quote
Old 12-28-2016, 05:40 PM   #41
Undertoad
Miserable contrarian
 
Join Date: Jan 2001
Location: Cottage of Prussia
Posts: 28,575
It is interesting to notice how many sites on the net have this issue... and how many won't even serve up https versions. https://cnn.com serves up a ton of http:

This may give us some Google mojo.
Undertoad is offline   Reply With Quote
Old 12-28-2016, 05:40 PM   #42
sexobon
^it sings^
 
Join Date: Oct 2009
Posts: 6,714
@ Flint,

Yes, unfortunately, it only preserves viewing ability.
sexobon is offline   Reply With Quote
Old 12-28-2016, 06:01 PM   #43
xoxoxoBruce
The future is unwritten
 
Join Date: Oct 2002
Posts: 59,405
Clicking on the link in post 41.
.
Attached Images
 
__________________
Everything is interesting... look closer.
xoxoxoBruce is offline   Reply With Quote
Old 12-28-2016, 07:54 PM   #44
fargon
Person who doesn't update the user title
 
Join Date: Dec 2005
Location: La Crosse, WI
Posts: 5,544
I'm getting the privacy message. I'll come back tomorrow when the people that know what they are doing get done.
__________________
Annoy the ones that ignore you!!!
I live a blessed life
I Love my Country, I Fear the Government!!!
Heavily medicated for the good of mankind.
fargon is offline   Reply With Quote
Old 12-29-2016, 12:08 AM   #45
BigV
Goon Squad Leader
 
Join Date: Nov 2004
Location: Seattle
Posts: 24,078
Quote:
Originally Posted by Undertoad View Post
snip--

Changing ALL hotlinked images is going to be a drag, or at least, a dangerous thing. I'm not sure it can even be done. There's no global search and replace in the forum software. Each one of those images is linked with an insecure permanent BBCODE bit of text. The change has to happen at database level and it has the potential to break things.
when you say BBCODE bit of *text*, do you really mean it's a text string that you can find and edit? Albeit, metric monkeytons of them, sure.

I ask, because I have an editor that can handle very, very large files. I've only bothered to try it on text files, not... other files. And I don't know what kind of files you're dealing with wrt the places where the offending "BBCODE bit of text" is.

The editor is at work and my brain is offline. If you're interested, indicate that and I'll dig up the editor / link info for you. The tool all by itself is impressive.
__________________
Remember:

Live a good life. If there are gods and they are just, they will not care how devout you have been, but will welcome you based on the virtues you have lived by. If there are gods, but unjust, then you should not want to worship them. If there are no gods, then you will be gone, but will have lived a noble life that will live on in the memories of your loved ones. -- Marcus Aurelius, philosopher and writer (121-180)
BigV is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -5. The time now is 01:53 PM.


Powered by: vBulletin Version 3.8.1
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.