Since it's pretty well the only way for anyone with an across-the-board interest (multiple forums) to monitor recent activity from one place, it's my default and basically sole gateway to C&F and I've never understood how anyone manages without it unless they're literally only interested in flutes, uilleann pipes or whatever!Nanohedron wrote:I've never seen much reason to use Active Topics, and I usually leave it alone.
Security certificate expired?
- Peter Duggan
- Posts: 3223
- Joined: Tue Aug 30, 2011 5:39 pm
- antispam: No
- Please enter the next number in sequence: 8
- Tell us something.: I'm not registering, I'm trying to edit my profile! The field “Tell us something.” is too short, a minimum of 100 characters is required.
- Location: Kinlochleven
- Contact:
Re: Security certificate expired?
- Nanohedron
- Moderatorer
- Posts: 38212
- Joined: Wed Dec 18, 2002 6:00 pm
- antispam: No
- Please enter the next number in sequence: 8
- Tell us something.: Been a fluter, citternist, and uilleann piper; committed now to the way of the harp.
Oh, yeah: also a mod here, not a spammer. A matter of opinion, perhaps. - Location: Lefse country
Re: Security certificate expired?
Here's how it works for me: I start from the Index Page, because it already tells me if there's activity. True, it's nonspecific; I'll only know that Forum X has at least one new post. So I open the Forum X page, which for me is rather like opening a package, and the first thing I take in is the lay of the land. Same with threads. I might even learn something from seeing the timing of new posts in the context of their surroundings, which can be useful in informing a mod's judgment in certain circumstances. Seldom as that might be, it's still information, and the more information I have at a glance, the better I like it.Peter Duggan wrote:Since it's pretty well the only way for anyone with an across-the-board interest (multiple forums) to monitor recent activity from one place, it's my default and basically sole gateway to C&F and I've never understood how anyone manages without it unless they're literally only interested in flutes, uilleann pipes or whatever!Nanohedron wrote:I've never seen much reason to use Active Topics, and I usually leave it alone.
I suppose you could call it a panoramic approach, for lack of a better word...
"If you take music out of this world, you will have nothing but a ball of fire." - Tribal musician
-
- Posts: 1419
- Joined: Sun Dec 05, 2010 2:59 pm
- antispam: No
- Please enter the next number in sequence: 10
- Location: Southwestern Ontario
Re: Security certificate expired?
No, not exactly. Using HTTPS for the login page encrypts only the login, protecting your password. If you then switch to HTTP for browsing, be it through Active Topics at search.php?search_id=active_topics, or the index page at index.php, or whatever, then your browsing is not encrypted; anyone else on the coffee shop WiFi can watch the deepest wisdom of C&F go by if they have the necessary software.Nanohedron wrote:So am I to understand that even though Active Topics is HTTP, in this case it doesn't matter, because the login was via HTTPS and that covers everything?
- Nanohedron
- Moderatorer
- Posts: 38212
- Joined: Wed Dec 18, 2002 6:00 pm
- antispam: No
- Please enter the next number in sequence: 8
- Tell us something.: Been a fluter, citternist, and uilleann piper; committed now to the way of the harp.
Oh, yeah: also a mod here, not a spammer. A matter of opinion, perhaps. - Location: Lefse country
Re: Security certificate expired?
Okay, got it. Thanks.
Casting our bread upon the waters, eh? Hmm. An enviable bounty plus free marketing ... I can picture the spammers now.Tunborough wrote:... [then] anyone else on the coffee shop WiFi can watch the deepest wisdom of C&F go by if they have the necessary software.
"If you take music out of this world, you will have nothing but a ball of fire." - Tribal musician
-
- Posts: 399
- Joined: Wed Jun 06, 2012 6:23 am
- antispam: No
- Please enter the next number in sequence: 8
- Location: Europe and Japan
Re: Security certificate expired?
Unfortunately it's not entirely safe. It does protect your plain-text password, but when you're logged in there's a cookie sent from your computer to the server, and with HTTP that one's in plaintext too. It's not as problematic as with the password, because anyone with nearly zero knowledge could get your login credentials by watching your password with the simplest of tools, while they would have to be slightly more sophisticated to see how to (mis-)use your cookie (not that it's difficult: Copy it and let your browser serve it - and you're "me" - the tricky part is to understand how to copy it into your browser's cookie jar).Tunborough wrote:Turns out, you can login via HTTPS, at https://forums.chiffandfipple.com/ucp.php?mode=login, then continue your browsing via HTTP, at search.php?search_id=active_topics, and still be logged in. This keeps your password secret, but avoids the problem with the missing avatars, for what it's worth.
So yes, logging in with HTTPS and continuing with HTTP is far better than only HTTP, but it doesn't protect you from the dedicated ones. Only from the rabble. Which is probably fine for C&F, *except* for the moderators - you guys should use HTTPS all the time, if someone gets hold of your login (or already-logged in session, as it were, with the cookie approach), they can do lots of damage, e.g. sabotage, banning people left and right, maybe they could even ban other moderators.
- Nanohedron
- Moderatorer
- Posts: 38212
- Joined: Wed Dec 18, 2002 6:00 pm
- antispam: No
- Please enter the next number in sequence: 8
- Tell us something.: Been a fluter, citternist, and uilleann piper; committed now to the way of the harp.
Oh, yeah: also a mod here, not a spammer. A matter of opinion, perhaps. - Location: Lefse country
Re: Security certificate expired?
Thanks. I will definitely bear this in mind.Tor wrote:So yes, logging in with HTTPS and continuing with HTTP is far better than only HTTP, but it doesn't protect you from the dedicated ones. Only from the rabble. Which is probably fine for C&F, *except* for the moderators - you guys should use HTTPS all the time, if someone gets hold of your login (or already-logged in session, as it were, with the cookie approach), they can do lots of damage, e.g. sabotage, banning people left and right, maybe they could even ban other moderators.
"If you take music out of this world, you will have nothing but a ball of fire." - Tribal musician