There's been an ongoing discussion in the Security forum about SSL, TLS1 and TLS 1.1 and how it relates to website security, as well as how it relates to LQ and other sites.
I notice when I visit https://www.linuxquestions.org my browser gives me a security error stating that your server tried to enable security but failed, and also gives me a warning that the session is not secure and that I shouldn't transmit sensitive data. (Opera, latest version) There are many websites out there that offer to encrypt passwords but not the session or contents, and many more don't offer HTTPS at all.
If you wouldn't mind commenting or reading the article I started I would appreciate it.
My goal is to spread knowledge of just how insecure the web is and get others reading on LQ thinking about their choice of protocols, and the availability of encrypted protocols, and possibly getting everyone to eventually start using them.
deepsix,
I think it's explained fairly well in the linked thread. The session actually is secure, but some images come from either our CDN or our static assets server, neither of which support SSL at this time. Thanks for the feedback.
--jeremy
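Added example (not part of any post in this thread, and not LQ's own code): a check for the situation described in the reply above, where a page loaded over HTTPS pulls some of its resources over plain HTTP. The hostnames and the sample page are constructed; beyond the images mentioned in the thread it also reports scripts, stylesheets and frames, which browsers handle more strictly than images.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Subresource attributes, grouped by how browsers classify insecure loads.
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}
ACTIVE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}


class MixedContentScanner(HTMLParser):
    """Collects subresources that an HTTPS page would fetch over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower().split()
        for name, value in attrs.items():
            if not value:
                continue
            if (tag, name) in PASSIVE:
                kind = "passive"
            elif (tag, name) in ACTIVE:
                kind = "active"
            elif tag == "link" and name == "href" and "stylesheet" in rel:
                kind = "active"
            else:
                continue  # e.g. <a href>: navigation, not a subresource
            # Relative and protocol-relative (//host/...) URLs inherit the
            # page's scheme, so only an explicit http:// ends up insecure.
            resolved = urljoin(self.page_url, value.strip())
            if urlsplit(resolved).scheme == "http":
                self.findings.append((kind, tag, resolved))


def find_mixed_content(page_url, html):
    """Return insecure subresources; empty when the page itself is not HTTPS."""
    if urlsplit(page_url).scheme != "https":
        return []
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page with constructed hostnames.
SAMPLE_PAGE = """<html><head><link rel="stylesheet" href="/css/main.css">
<script src="http://static.example.net/js/menu.js"></script></head><body>
<img src="http://cdn.example.net/images/logo.png">
<img src="//cdn.example.net/images/banner.png"> <img src="/images/local.png">
<a href="http://example.org/">plain link</a></body></html>"""
```
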
ty guys not trying to start the thread again... my connection to your server through HTTPS may be secure but the server I'm connected to has content served (and serving to me) from another server that the server I'm on agrees to serve unsecured that isn't secure therefore plausibly the other server has access to my supposed https session. https should be HTTPS... I can write a book and call it HTTPS and let the contents be HTTP... doesn't make the entire book HTTPS...
sry to cause so much trouble guys and gals... just feel compelled to get to share...
Well then please don't. Best thing is to create a new thread, present your detailed, technical information (and not vague descriptions of things like saying "the server I'm connected to has content served (and serving to me) from another server that the server I'm on agrees to serve unsecured") and if necessary refer to this thread if you think it provides the necessary background information.
Quote:
Originally Posted by deepsix
therefore plausibly the other server has access to my supposed https session.
I suggest you reread the replies in http://www.linuxquestions.org/questi...rowser-680585/ again and then not say "plausible" but instead come up with something tangible that supports your claim (and we could test for).
A direct link to the specific post would be a lot better, otherwise people in the future won't have a clue what you were referring to. That said, could you explain what exactly is the point you're trying to make? The linked post doesn't seem to contain anything we didn't already know.