IBM Mainframe Forum Index
 
Log In
 
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Register
 

[Solved]https/Secure Login


IBM Mainframe Forums -> Suggestions & Feedback
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
Nic Clouston

Global Moderator


Joined: 10 May 2007
Posts: 2449
Location: Hampshire, UK

PostPosted: Mon Aug 13, 2018 1:17 pm
Reply with quote

Norton blocked my signin today saying that this is a suspicious site. When are you going to provide Secure Sign in? Here and the beginners.
Back to top
View user's profile Send private message
steve-myers

Active Member


Joined: 30 Nov 2013
Posts: 869
Location: The Universe

PostPosted: Mon Aug 13, 2018 7:52 pm
Reply with quote

Just a comment - not to throw stones at anyone - but this is an issue that's been brewing for a long time.

Now I don't follow phBB forum software, but has phBB addressed this issue? If it has, has our forum installed whatever phBB software addresses this issue?

For you lurkers out there, phBB software is used for this message board, as well as many other forums with a similar goal. It is quite popular and runs some very popular - and heavily trafficked - forums.
Back to top
View user's profile Send private message
mcmillan

Site Admin


Joined: 18 May 2003
Posts: 1204
Location: India

PostPosted: Mon Aug 13, 2018 7:55 pm
Reply with quote

This is not about phpBB. The issue is because of the missing https protocol. We will be migrating soon.
Back to top
View user's profile Send private message
steve-myers

Active Member


Joined: 30 Nov 2013
Posts: 869
Location: The Universe

PostPosted: Mon Aug 13, 2018 9:21 pm
Reply with quote

Yes, but does phpBB support https protocol? Or is that strictly a web server issue?
Back to top
View user's profile Send private message
mcmillan

Site Admin


Joined: 18 May 2003
Posts: 1204
Location: India

PostPosted: Mon Aug 13, 2018 10:40 pm
Reply with quote

Yes, PhbBB supports https.
Back to top
View user's profile Send private message
Nic Clouston

Global Moderator


Joined: 10 May 2007
Posts: 2449
Location: Hampshire, UK

PostPosted: Tue Aug 14, 2018 2:54 pm
Reply with quote

The problem with Norton appears to be fixed as it did not intercede today. Looking forward to the https: sign-in coming.
Back to top
View user's profile Send private message
Nic Clouston

Global Moderator


Joined: 10 May 2007
Posts: 2449
Location: Hampshire, UK

PostPosted: Sat Aug 18, 2018 2:16 am
Reply with quote

Norton warned me again this evening.
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1689
Location: Tiruppur, India

PostPosted: Sat Aug 18, 2018 2:37 am
Reply with quote

Quote:
Norton warned me again this evening.
I agree that there is no https for this site, but Obviously Norton is wrong here, we already know that this site has clean content. By chance even if there were any malware implanted as drive-by attacks, still Chrome would alert users.
Chrome by itself would warn people of suspicious sites, which it does not.

Personally I think Norton is crap. Vanilla Windows Defender is much better.
Back to top
View user's profile Send private message
mcmillan

Site Admin


Joined: 18 May 2003
Posts: 1204
Location: India

PostPosted: Sat Aug 18, 2018 3:00 am
Reply with quote

Nic Clouston, Please send me a screenshot in PM. I will look into it.
Back to top
View user's profile Send private message
Nic Clouston

Global Moderator


Joined: 10 May 2007
Posts: 2449
Location: Hampshire, UK

PostPosted: Sat Aug 18, 2018 1:46 pm
Reply with quote

Next time it happens, it did not happen today, I will do that.

BTW. I am using Firefox 61.0.2 64 bit.
Back to top
View user's profile Send private message
mcmillan

Site Admin


Joined: 18 May 2003
Posts: 1204
Location: India

PostPosted: Fri Nov 27, 2020 11:01 pm
Reply with quote

We are on HTTPS protocol now.

We are also working on to enable HSTS and the Mobile Friendliness.
Back to top
View user's profile Send private message
steve-myers

Active Member


Joined: 30 Nov 2013
Posts: 869
Location: The Universe

PostPosted: Sat Nov 28, 2020 5:37 am
Reply with quote

Yes, I see it's "secure" which is good.

What is HSTS and if Mobile friendly is not what I think it is, what is it? Since I do not own a "smart" phone and my personal cell phone doesn't do data being mobile friendly is meaningless to me. Of course my daughter calls me a Luddite! Not that she really knows the history of the term.

Is HTTPS going to extend to ibmmainframeforum? I just went there and found it was not "secure."
Back to top
View user's profile Send private message
mcmillan

Site Admin


Joined: 18 May 2003
Posts: 1204
Location: India

PostPosted: Sat Nov 28, 2020 5:19 pm
Reply with quote

HSTS is the next level of transport layer security. When a site implements HTTPS protocol, the transformation from HTTP to HTTPS happens in the sever level (usually we do a forced 301). The issue here is, all the HTTPS servers are extremely vulnerable to the man-in-the-middle-attack(MITM) due to those milliseconds delay in the 301/302 redirect.

But with HSTS, the redirect happens in the user's(/hacker's) browser itself. HSTS forces browsers to load over HTTPS, so even if you try loading the HTTP version of a website, the HTTP request gets ignored in the browser itself and send as an HTTPS request to the server.

Mobile Friendliness is making a website "also" readable/usable in mobile devices. It doesn't affect the desktop usability in anyway. Use this tool to test the mobile friendliness of a website
Back to top
View user's profile Send private message
mcmillan

Site Admin


Joined: 18 May 2003
Posts: 1204
Location: India

PostPosted: Mon Dec 14, 2020 4:57 am
Reply with quote

We have successfully implemented HSTS now. And we are one of the fastest and safest sites in the world now(<1%).

Google Pagespeed

Results after HSTS:

securityheaders.com/?q=ibmmainframes.com

ssllabs.com?d=ibmmainframes.com
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic View Bookmarks
All times are GMT + 6 Hours
Forum Index -> Suggestions & Feedback

 


Similar Topics
Topic Forum Replies
This topic is locked: you cannot edit posts or make replies. Is there a way to restrict user login... All Other Mainframe Topics 11
No new posts IBM HTTP web server - redirect http t... All Other Mainframe Topics 5
This topic is locked: you cannot edit posts or make replies. Get a job submitted itself every time... JCL & VSAM 3
This topic is locked: you cannot edit posts or make replies. Secure Browse to open dataset TSO/ISPF 3
No new posts Peoplesoft to CICS Web Services with ... CICS 0
Search our Forums:

Back to Top