Topic: LuLa website security (Read 2130 times)

rdonson · « **on:** August 03, 2018, 09:24:33 pm »

Chrome reports that this site is "Not Secure". That means the site is NOT using HTTPS. This is 2018 and everyone should be using HTTPS.

Is this true? Are you aware of this?

Kevin Raber · « **Reply #1 on:** August 03, 2018, 10:02:03 pm »

This site is secure - https://luminous-landscape.com/ see the s and it has multiple checks in place to protect it. Your Chrome is giving you an error.

Slobodan Blagojevic · « **Reply #2 on:** August 03, 2018, 10:06:52 pm »

The main site is secure, the forum isn't (both according to Chrome).

digitaldog · « **Reply #3 on:** August 03, 2018, 10:13:39 pm »

Neither Safari nor FireFox file any kind of complaints.
Not impressed with Chrome and as posted, I suspect it's just wrong.

Slobodan Blagojevic · « **Reply #4 on:** August 03, 2018, 10:26:30 pm »

Safari, logged in as a guest, delivers "not-secure." The warning disappears once logged in.

digitaldog · « **Reply #5 on:** August 03, 2018, 11:42:40 pm »

Quote from: Slobodan Blagojevic on August 03, 2018, 10:26:30 pm

Safari, logged in as a guest, delivers "not-secure."

Not on this Mac.

amolitor · « **Reply #6 on:** August 04, 2018, 12:24:49 am »

If I click on the front-page "FORUM" link it sends me to the secure page:

https://luminous-landscape.com/forum/

which then redirects me to the INSECURE page:

http://forum.luminous-landscape.com

and thenceforth I am on an unencrypted site. Note: The INSECURE site does not redirect you to the SECURE one which is contemporary best practices for things like ecommerce sites and applications that actually work with private information. Having a functioning INSECURE version of the site may or may not be appropriate, depending on your use case. It is possible that this kind of redirection will break tapatalk.

If I go directly to:

https://forum.luminous-landscape.com

I get the SECURE version of the forums, and remain on it.

It depends, in short, on what you click to get here. The redirect in https://luminous-landscape.com/forum/ should perhaps be fixed.

Honestly, it doesn't matter. As long as the login page is reliably secured, the forum connection can be unencrypted. What exactly are you typing on an openly readable forum that you want hidden from the scrutiny of packet sniffers?

Rajan Parrikar · « **Reply #7 on:** August 04, 2018, 02:52:22 am »

Quote from: digitaldog on August 03, 2018, 11:42:40 pm

Not on this Mac.

Safari shows the padlock symbol in its address bar if a site is https secure. For the forum it does not show it.

Rajan Parrikar · « **Reply #8 on:** August 04, 2018, 02:59:36 am »

Quote from: amolitor on August 04, 2018, 12:24:49 am

Honestly, it doesn't matter.

I think it matters to the Google search algorithm. And if the site owner cares about the rankings of search results, having a SSL secure site matters.

Alan Goldhammer · « **Reply #9 on:** August 04, 2018, 08:06:10 am »

I see the same behavior that others have noted using an up to date Firefox browser. The Forum is reported as not secure but the Home Page is. I'm not sure why the permissions should be different between the two of them other than the Web Host is not enforcing the transfer between the two in an appropriate manner.

Kevin Raber · « **Reply #10 on:** August 04, 2018, 08:45:51 am »

I have asked my web guys to look at this. We will update this thread with an answer.

digitaldog · « **Reply #11 on:** August 04, 2018, 08:51:51 am »

Quote from: amolitor on August 04, 2018, 12:24:49 am

It depends, in short, on what you click to get here. The redirect in https://luminous-landscape.com/forum/ should perhaps be fixed.

Honestly, it doesn't matter. As long as the login page is reliably secured, the forum connection can be unencrypted. What exactly are you typing on an openly readable forum that you want hidden from the scrutiny of packet sniffers?

OK yes, I can now confirm I see that behavior on my Mac. And agreed, doesn't seem like anything to worry about once logged in (or not logged in and lurking). But you figured out the disconnected between what I didn't see and Slobodan did see on our perspective ends.

digitaldog · « **Reply #12 on:** August 04, 2018, 08:55:30 am »

While we're here, I did find an oddity on logging into the forums from my iPhone through Safari. To do this test I had to log out of course. Couldn't log in! Keep getting 'wrong password or user name'. The fix was that I had to go to an email of a forum post and click on the Unsubscribe to this topic by using this link URL in the email. That different looking page then asks for me to log in and the password and user name now works. But not from the "log in" on the forum page itself. Very odd and a PITA to figure out a fix but it worked. I tried this a few times and it's a consistent 'bug' on the iPhone using Safari for some reason.

32BT · « **Reply #13 on:** August 04, 2018, 09:29:15 am »

Quote from: digitaldog on August 04, 2018, 08:55:30 am

While we're here, I did find an oddity on logging into the forums from my iPhone through Safari. To do this test I had to log out of course. Couldn't log in! Keep getting 'wrong password or user name'. The fix was that I had to go to an email of a forum post and click on the Unsubscribe to this topic by using this link URL in the email. That different looking page then asks for me to log in and the password and user name now works. But not from the "log in" on the forum page itself. Very odd and a PITA to figure out a fix but it worked. I tried this a few times and it's a consistent 'bug' on the iPhone using Safari for some reason.

Yes, it's the trick to use for logging in with an old username. I simply click a forummember name which requires logging in. Incidentally one isndirected to an unsecured login page.

digitaldog · « **Reply #14 on:** August 04, 2018, 09:30:50 am »

Quote from: opgr on August 04, 2018, 09:29:15 am

Yes, it's the trick to use for logging in with an old username. I simply click a forummember name which requires logging in. Incidentally one isndirected to an unsecured login page.

Old user name?
Seems like a bug.

32BT · « **Reply #15 on:** August 04, 2018, 09:56:16 am »

Quote from: digitaldog on August 04, 2018, 09:30:50 am

Old user name?
Seems like a bug.

The username prior to becoming a subscription site. And technically you're probably correct about the bug, i was trying to take an optimistic approach! :-)

digitaldog · « **Reply #16 on:** August 04, 2018, 10:14:17 am »

Quote from: opgr on August 04, 2018, 09:56:16 am

The username prior to becoming a subscription site. And technically you're probably correct about the bug, i was trying to take an optimistic approach! :-)

Ah, that makes sense, it is much older than subscription of the site.

hokuahi · « **Reply #17 on:** August 04, 2018, 10:41:22 am »

Quote from: digitaldog on August 04, 2018, 08:55:30 am

While we're here, I did find an oddity on logging into the forums from my iPhone through Safari. To do this test I had to log out of course. Couldn't log in! Keep getting 'wrong password or user name'. The fix was that I had to go to an email of a forum post and click on the Unsubscribe to this topic by using this link URL in the email. That different looking page then asks for me to log in and the password and user name now works. But not from the "log in" on the forum page itself. Very odd and a PITA to figure out a fix but it worked. I tried this a few times and it's a consistent 'bug' on the iPhone using Safari for some reason.

I have the same problem.

Telecaster · « **Reply #18 on:** August 04, 2018, 04:27:22 pm »

Quote from: digitaldog on August 04, 2018, 08:55:30 am

While we're here, I did find an oddity on logging into the forums from my iPhone through Safari. To do this test I had to log out of course. Couldn't log in! Keep getting 'wrong password or user name'. The fix was that I had to go to an email of a forum post and click on the Unsubscribe to this topic by using this link URL in the email. That different looking page then asks for me to log in and the password and user name now works. But not from the "log in" on the forum page itself. Very odd and a PITA to figure out a fix but it worked. I tried this a few times and it's a consistent 'bug' on the iPhone using Safari for some reason.

I remember something like this from when LuLa implemented pay-to-play but haven't had any issues since then. I use Safari too but on my iPad.

-Dave-

Jeff · « **Reply #19 on:** August 05, 2018, 02:14:43 am »

I am using Safari 11.1.2.

The Forum and Endownment categories do not have the padlock everything else does.

Author Topic: LuLa website security (Read 2130 times)