Login broken

[RyshParticipant 134]

When I click on the login button, I get redirected to a http site. Even manual redirect to https does not work.

Login via http (not https) means blasting user/password out over the internet in clear text. Guys, you can’t be serious about that, can you? Some days ago, it used to work with https, but now it won’t anymore.

Please re-enable https login and link the login button to the https version.

Actually, having the whole forum in https would be even better. We’re living in the days of our governments and whomever spying on whatever they can. Don’t let them.

[Maraudrz1Participant 2250]

I didn’t have any trouble logging in. I logged out, shut down the browser, opened the browser up and logged in. No problems.

Women's brains and vagina have one thing in common. There is nothing in there until a man puts something in there.

[RyshParticipant 134]

Well of course I can log in. But only via http, not via https.

[KeymasterKeymaster]

OK… login isn’t broken. You can log in securely with HTTPS and browse securely
/login/

But…. you can also do it via HTTP at this very moment.

We are taking care of it and implementing something right now to send ALL HTTP traffic to HTTPS no matter what. But don’t worry, your password is NOT “being sent all over the internet in plain text”. There are MILLIONS of websites (like WordPress sites) that have logins without HTTPS padlock. HTTPS is just a 256-bit level of encryption on top of it to ensure your communications between you and the site are totally secure for extra peace of mind. But nothing is being broadcast anywhere.

As soon as we can confirm you can’t visit any page via HTTP I will post a follow up.

We moved to a new server last week and WE ARE SURE we were directing all HTTP traffic to HTTPS since the move, bur even though HTTPS is working, if someone WANTS to …. they can HTTP right now.

We’re on it. Thank you. More shortly.

If you keep doing what you've always done... you're gonna keep getting what you always got.

[KeymasterKeymaster]

OK can now confirm you cannot visit or login using HTTP , and all HTTP traffic is now going to HTTPS.

Rysh wrote:

Actually, having the whole forum in https would be even better.

They are. Every page is HTTPS.

Also… this StarWars picture is referenced from a non-secure standard HTTP website. That will make this thread APPEAR to be non-HTTPS because it has a resource coming from another site which isn’t officially “secure”. It’s not a problem however.

— image removed 08.06 for demonstration —

—

You cannot hit http:/login anymore.
It will direct you to HTTPS now – no matter what. We hope this alleviates your concern.

Thank you.

If you keep doing what you've always done... you're gonna keep getting what you always got.

[RyshParticipant 134]

Yep, now it works. Yesterday, when I clicked on “login”, that got me to http, and manually changing it to https didn’t yield the login mask. But that’s fixed now. Thank you!

(The problem with http login is that every node in-between gets the account data in clear text, that’s what I meant with passing the data over the internet. That is dangerous especially for people with mod/admin rights, their account data could be abused to wreak quite some havoc. Nevertheless, due to the http login of yesterday, I’ll change the password anyway.)

[RennieParticipant]

Is this the problem where the login boxes don’t appear?

If so I had that problem too. It just took some fiddling to get it to work for me.

[KeymasterKeymaster]

Rysh wrote:

Yep, now it works. Yesterday, when I clicked on “login”, that got me to http, and manually changing it to https didn’t yield the login mask. But that’s fixed now. Thank you!

Excellent.

The only time this may be a concern is if , for example, you’re on a public cafe internet connection. Someone could be “sniffing” the network to see what is being sent back and forth. But even dating sites like E-Harmony are not https secure.

http://www.eharmony.com/login/

We are. It’s very important and we take it seriously. So you needn’t worry.

And PS. I have removed the example Star Wars picture above (which came from another website) and now you’ll notice the thread is HTTPS secure again.

Rennie wrote:

Is this the problem where the login boxes don’t appear?

No that’s a little bug – totally inconsistent and very rare. We also noticed and it seems to just take a fraction of a second (or a page refresh) for those fields to show. We have removed caching on the login page so it’s always fresh to see if that makes a dif.

If you keep doing what you've always done... you're gonna keep getting what you always got.

[MyCocaineKeymaster 182]

Seems to be sorted now. Good stuff and good thread for others who ever want to know.

[RennieParticipant]

Keymaster wrote:

No that’s a little bug – totally inconsistent and very rare. We also noticed and it seems to just take a fraction of a second (or a page refresh) for those fields to show. We have removed caching on the login page so it’s always fresh to see if that makes a dif.

Ok, thanks for the information. It’s only a minor annoyance anyways.

[Author]

Posts