UtterAccess.com
X   Site Message
(Message will auto close in 2 seconds)

Welcome to UtterAccess! Please ( Login   or   Register )

Custom Search
 
   Reply to this topicStart new topic
> Https Not Https    
 
   
DanielPineault
post Nov 6 2018, 07:01 AM
Post#1


UtterAccess VIP
Posts: 6,720
Joined: 30-June 11



Just a heads up to the admins/webmaster that some of the content isn't being output securely so the site isn't getting a true https lock.

http://www.UtterAccess.com/images/twitter16x16.jpg

http://www.UtterAccess.com/images/btn_dona...SM_long_04a.png

http://www.google.com/images/poweredby_tra...edby_FFFFFF.gif

http://www.UtterAccess.com/uploads/profile/photo-xxxxx.png

http://www.UtterAccess.com/uploads/av-xxxxxxxx.jpg


This post has been edited by ghubbell: Nov 6 2018, 10:29 AM
Reason for edit: see post below...

--------------------
Daniel Pineault (2010-2019 Microsoft MVP)
Professional Help: http://www.cardaconsultants.com
Free MS Access Code, Tips, Tricks and Samples: http://www.devhut.net

* Design should never say "Look at me". It should always say "Look at this". -- David Craib
* A user interface is like a joke, if you have to explain it, it's not that good! -- Martin LeBlanc


All code samples, demonstration databases, links,... are provided 'AS IS' and are to be used at your own risk! Take the necessary steps to check, validate ...(you are responsible for your choices and actions)
Go to the top of the page
 
GroverParkGeorge
post Nov 6 2018, 07:36 AM
Post#2


UA Admin
Posts: 35,325
Joined: 20-June 02
From: Newcastle, WA


Can you provide specifics Daniel? What do you mean by "... some of the content isn't being output securely..."?


--------------------
My Real Name Is George. Grover Park Consulting is where I do business.
How to Ask a Good Question
Beginning SQL Server
Go to the top of the page
 
DanielPineault
post Nov 6 2018, 07:39 AM
Post#3


UtterAccess VIP
Posts: 6,720
Joined: 30-June 11



Those listed above were a sample of resources being called within a page that are being output as http rather than https even when you purposefully used https for the page. So they are being served as part of a page content, but although the page was requested as https, certain elements are still being provided in http mode.




For this very thread, in https (https://www.UtterAccess.com/forum/index.php...p;#entry2701537), I am still getting the following provided non-securely

http://www.UtterAccess.com/images/twitter16x16.jpg

http://www.UtterAccess.com/images/btn_dona...SM_long_04a.png

http://www.google.com/images/poweredby_tra...edby_FFFFFF.gif

http://www.UtterAccess.com/uploads/av-187135.jpg

http://www.UtterAccess.com/uploads/av-10548.png





--------------------
Daniel Pineault (2010-2019 Microsoft MVP)
Professional Help: http://www.cardaconsultants.com
Free MS Access Code, Tips, Tricks and Samples: http://www.devhut.net

* Design should never say "Look at me". It should always say "Look at this". -- David Craib
* A user interface is like a joke, if you have to explain it, it's not that good! -- Martin LeBlanc


All code samples, demonstration databases, links,... are provided 'AS IS' and are to be used at your own risk! Take the necessary steps to check, validate ...(you are responsible for your choices and actions)
Go to the top of the page
 
cheekybuddha
post Nov 6 2018, 08:14 AM
Post#4


UtterAccess VIP
Posts: 11,424
Joined: 6-December 03
From: Telegraph Hill


George,

Daniel has posted just images which are served insecurely (the 'http' is hardcoded in the image URL rather than using a relative path which would request them over https)

There are also javascript assets which suffer the same fate - see my post in Daniel's original thread in the VIP forum for examples (link in Daniels's original post) - I can repost the same info here if you feel it necessary.

d

--------------------


Regards,

David Marten
Go to the top of the page
 
GroverParkGeorge
post Nov 6 2018, 09:23 AM
Post#5


UA Admin
Posts: 35,325
Joined: 20-June 02
From: Newcastle, WA


Thanks. I'm trying to gather support for the project to enable https here.

--------------------
My Real Name Is George. Grover Park Consulting is where I do business.
How to Ask a Good Question
Beginning SQL Server
Go to the top of the page
 
ghubbell
post Nov 6 2018, 10:28 AM
Post#6


UA Administrator
Posts: -8,388,311
Joined: 21-April 01
From: Right here.


Salut Daniel - encore!
I didn't think we were outputting anything in 'S'! blush.gif

Anyone who would like to take on the "make UA 'S' again" ohyeah.gif is more than welcome to contact me and we can certainly get to it.

It's not that I don't want to... I don't know how and simply don't have the time / energy to attack it at the moment. UA is not a financial institution and 99.9% of what goes in and out of web forms here goes public anyway, so the S "necessity" or concern seems a little redundant imho?

Oh, I'll once again edit your post - please do recall a closed forum is.... closed. wink.gif

Merci,

Gord
Go to the top of the page
 
cheekybuddha
post Nov 6 2018, 10:33 AM
Post#7


UtterAccess VIP
Posts: 11,424
Joined: 6-December 03
From: Telegraph Hill


Hmmm....

Folks still have to log in with username/password combinations (which may unfortunately be being used elsewhere too)

It would also be good to know that jQuery is coming from you (UA) and not some tainted version from a man in the middle.

--------------------


Regards,

David Marten
Go to the top of the page
 
ghubbell
post Nov 6 2018, 10:53 AM
Post#8


UA Administrator
Posts: -8,388,311
Joined: 21-April 01
From: Right here.


Thanks David - good points indeed.

And to those using a password that's 'common' to your other regular haunts... well, be unique if you can. smile.gif
Go to the top of the page
 
FrankRuperto
post Nov 6 2018, 12:29 PM
Post#9



Posts: 198
Joined: 21-September 14
From: Tampa Bay, Florida, USA


This is what displays when I login to UA with FF latest version. I am using a unique password when I login.


--------------------
Currently supporting many pawnbrokers that use my store management system developed with Access 2010 on Windows7. Experienced with Informix and Oracle DB's.
Go to the top of the page
 
DanielPineault
post Nov 6 2018, 12:31 PM
Post#10


UtterAccess VIP
Posts: 6,720
Joined: 30-June 11



Yes, you need to go onto the Media tab and review those items, amongst other things.

--------------------
Daniel Pineault (2010-2019 Microsoft MVP)
Professional Help: http://www.cardaconsultants.com
Free MS Access Code, Tips, Tricks and Samples: http://www.devhut.net

* Design should never say "Look at me". It should always say "Look at this". -- David Craib
* A user interface is like a joke, if you have to explain it, it's not that good! -- Martin LeBlanc


All code samples, demonstration databases, links,... are provided 'AS IS' and are to be used at your own risk! Take the necessary steps to check, validate ...(you are responsible for your choices and actions)
Go to the top of the page
 
FrankRuperto
post Nov 6 2018, 12:40 PM
Post#11



Posts: 198
Joined: 21-September 14
From: Tampa Bay, Florida, USA


Hi Daniel,

I did and it confirms what you said earlier. Im using the "https everywhere" addon in FF.

--------------------
Currently supporting many pawnbrokers that use my store management system developed with Access 2010 on Windows7. Experienced with Informix and Oracle DB's.
Go to the top of the page
 
DanielPineault
post Nov 7 2018, 05:35 AM
Post#12


UtterAccess VIP
Posts: 6,720
Joined: 30-June 11



Another great tool is https://www.whynopadlock.com/ as it gives a detailed breakdown of all the issues. For instance, for this very thread, you get:

QUOTE
<h4 class="title1">TEST RESULTS</h4>Test Information Tested URL https://www.UtterAccess.com/forum/index.php...2051417&hl= Test completed Wed, Nov 7, 2018 5:33 AM Eastern Time (GMT -5) Results URL https://www.whynopadlock.com/results/241ab4...09;3640117eae12 Copy


SSL Connection - Pass SSL Certificate Info Certificate IssuerLet's EncryptCertificate TypeLet's Encrypt Authority X3Issued On 2018-09-18 Certificate IssuerLet's EncryptCertificate TypeLet's Encrypt Authority X3Issued On 2018-09-18 Force HTTPS Your webserver is not forcing the use of SSL.
You may want to add a redirect to ensure a secure connection is used. More Info Valid Certificate Your SSL Certificate is installed correctly. Domain Matching Your SSL certificate matches your domain name!
Protected Domains:
  • UtterAccess.com
  • www.UtterAccess.com
Signature Your SSL certificate is using a sha256 signature! Expiration Date Your SSL certificate is current. Your SSL certificate expires in 40 days. (2018-12-17) Protocols You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.


Mixed Content - Errors Hard Failure A style-sheet with an insecure URL of "http://www.UtterAccess.com/forum/style_images/1/folder_editor_images/css_rte.CSS" was loaded on line: 2 of https://www.UtterAccess.com/forum/index.php...2051417&hl=.
This URL will need to be updated to use a secure URL for your padlock to return. Hard Failure A script with an insecure URL of "http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js" was loaded on line: 2 of https://www.UtterAccess.com/forum/index.php...2051417&hl=.
This URL will need to be updated to use a secure URL for your padlock to return. Soft Failure An image with an insecure URL of "http://www.UtterAccess.com/images/twitter16x16.jpg" was loaded on line: 20 of https://www.UtterAccess.com/forum/index.php...2051417&hl=.
This URL will need to be updated to use a secure URL for your padlock to return. Soft Failure An image with an insecure URL of "http://www.UtterAccess.com/images/btn_donate_VSM_long_04a.png" was loaded on line: 22 of https://www.UtterAccess.com/forum/index.php...2051417&hl=.
This URL will need to be updated to use a secure URL for your padlock to return. Soft Failure An image with an insecure URL of "http://www.google.com/images/poweredby_transparent/poweredby_FFFFFF.gif" was loaded on line: 46 of https://www.UtterAccess.com/forum/index.php...2051417&hl=.
This URL will need to be updated to use a secure URL for your padlock to return. Soft Failure An image with an insecure URL of "http://www.UtterAccess.com/uploads/av-187135.jpg" was loaded on line: 63 of https://www.UtterAccess.com/forum/index.php...2051417&hl=.
This URL will need to be updated to use a secure URL for your padlock to return. Soft Failure An image with an insecure URL of "http://www.UtterAccess.com/uploads/av-10548.png" was loaded on line: 64 of https://www.UtterAccess.com/forum/index.php...2051417&hl=.
This URL will need to be updated to use a secure URL for your padlock to return. Soft Failure An image with an insecure URL of "http://www.UtterAccess.com/uploads/av-40549.jpg" was loaded on line: 64 of https://www.UtterAccess.com/forum/index.php...2051417&hl=.
This URL will need to be updated to use a secure URL for your padlock to return. Soft Failure An image with an insecure URL of "http://www.UtterAccess.com/uploads/av-5735.jpg" was loaded on line: 66 of https://www.UtterAccess.com/forum/index.php...2051417&hl=.
This URL will need to be updated to use a secure URL for your padlock to return. Soft Failure An image with an insecure URL of "http://www.UtterAccess.com/uploads/av-225603.png" was loaded on line: 67 of https://www.UtterAccess.com/forum/index.php...2051417&hl=.
This URL will need to be updated to use a secure URL for your padlock to return. Form Failure A form with the action of "http://www.UtterAccess.com/forum/index.php?act=Search&CODE=01" exists in the source code of the tested page.
This form needs to be updated to use "https://www.UtterAccess.com/forum/index.php?act=Search&CODE=01" or another secure URL for your padlock to return. Form Failure A form with the action of "http://www.google.com" exists in the source code of the tested page.
This form needs to be updated to use "https://www.google.com" or another secure URL for your padlock to return. Form Failure A form with the action of "http://www.UtterAccess.com/forum/index.php?act=SF" exists in the source code of the tested page.
This form needs to be updated to use "https://www.UtterAccess.com/forum/index.php?act=SF" or another secure URL for your padlock to return. Form Failure A form with the action of "http://www.UtterAccess.com/forum/index.php?" exists in the source code of the tested page.
This form needs to be updated to use "https://www.UtterAccess.com/forum/index.php?" or another secure URL for your padlock to return. Form Failure A form with the action of "http://www.google.com" exists in the source code of the tested page.
This form needs to be updated to use "https://www.google.com" or another secure URL for your padlock to return.


--------------------
Daniel Pineault (2010-2019 Microsoft MVP)
Professional Help: http://www.cardaconsultants.com
Free MS Access Code, Tips, Tricks and Samples: http://www.devhut.net

* Design should never say "Look at me". It should always say "Look at this". -- David Craib
* A user interface is like a joke, if you have to explain it, it's not that good! -- Martin LeBlanc


All code samples, demonstration databases, links,... are provided 'AS IS' and are to be used at your own risk! Take the necessary steps to check, validate ...(you are responsible for your choices and actions)
Go to the top of the page
 
isladogs
post Nov 7 2018, 06:44 AM
Post#13


UtterAccess VIP
Posts: 1,461
Joined: 4-June 18
From: Somerset, UK


Thanks for the link Daniel.
I'm just starting to convert my own website to https and that will be really useful to check any issues

--------------------
Go to the top of the page
 
ghubbell
post Nov 7 2018, 02:40 PM
Post#14


UA Administrator
Posts: -8,388,311
Joined: 21-April 01
From: Right here.


Merci Daniel. thumbup.gif
I'll poke around a bit here and there during the more quiet hours - see what I can find and fix without blowing things up... too much. blush.gif

Gord
Go to the top of the page
 
ghubbell
post Nov 7 2018, 07:48 PM
Post#15


UA Administrator
Posts: -8,388,311
Joined: 21-April 01
From: Right here.


I think I got a bunch of the boo-boos. No doubt there will be others so please don't be shy to post 'em here. I'll address them best as I can.

Thanks - merci!

Gord
Go to the top of the page
 
DanielPineault
post Nov 8 2018, 06:04 AM
Post#16


UtterAccess VIP
Posts: 6,720
Joined: 30-June 11



Thank you Gord!

--------------------
Daniel Pineault (2010-2019 Microsoft MVP)
Professional Help: http://www.cardaconsultants.com
Free MS Access Code, Tips, Tricks and Samples: http://www.devhut.net

* Design should never say "Look at me". It should always say "Look at this". -- David Craib
* A user interface is like a joke, if you have to explain it, it's not that good! -- Martin LeBlanc


All code samples, demonstration databases, links,... are provided 'AS IS' and are to be used at your own risk! Take the necessary steps to check, validate ...(you are responsible for your choices and actions)
Go to the top of the page
 
FrankRuperto
post Nov 8 2018, 06:18 AM
Post#17



Posts: 198
Joined: 21-September 14
From: Tampa Bay, Florida, USA


Thank You, Gord!

--------------------
Currently supporting many pawnbrokers that use my store management system developed with Access 2010 on Windows7. Experienced with Informix and Oracle DB's.
Go to the top of the page
 
cheekybuddha
post Nov 9 2018, 04:32 AM
Post#18


UtterAccess VIP
Posts: 11,424
Joined: 6-December 03
From: Telegraph Hill


Merci, Gord!

d thumbup.gif

--------------------


Regards,

David Marten
Go to the top of the page
 


Custom Search


RSSSearch   Top   Lo-Fi    22nd July 2019 - 05:46 PM