cancel
Showing results for 
Search instead for 
Did you mean: 

Forum login not secured?

texwood
Great Citizen / Super Citoyen

PM_Forum_login.png

I am getting the following prompt today after a recent browser upgrade.  It looks like PM forum logon is not secured via https by default.  Any plans to change this?

 

16 REPLIES 16

Michael77
Deputy Mayor / Adjoint au Maire

Everyone I know on PM gets the same message from time to time. We just ignore it. Is this something we should be worried about?

Vimalkumar
Great Citizen / Super Citoyen
I have faced same issue

texwood
Great Citizen / Super Citoyen

According to the admins, the issue has been fixed:

 

https://productioncommunity.publicmobile.ca/t5/Public-Lab/Investigate-Forum-Login-Not-Secured/idi-p/...

 

So far I have not been able to trigger the error as I previously have done.

 


@computergeek541 wrote:

I see this type of security warning about the login page not being secured on a regular basis.  At least when using Firefox, the Community tab will sometimes load without the "s" in the https part of the addresss.  It's entirely random.  The solution is just to manually type in the "s"  for the https in the address bar and then click on the sign in link again.

 

Unfortunately, to this day, Internet Explorer just isn't an option any more for this website.  Ever since the introduction of the Simon bot, the window for it pops up every time you load any message or click on any link.  When you close it, it just  repeatedly opens back up again and blocks much of the community pages so that you can't read anything properly.


Or you can install the extension "https Everywhere" like the one on Tor. It should force https connection on very much every site you visit when available.

I see this type of security warning about the login page not being secured on a regular basis.  At least when using Firefox, the Community tab will sometimes load without the "s" in the https part of the addresss.  It's entirely random.  The solution is just to manually type in the "s"  for the https in the address bar and then click on the sign in link again.

 

Unfortunately, to this day, Internet Explorer just isn't an option any more for this website.  Ever since the introduction of the Simon bot, the window for it pops up every time you load any message or click on any link.  When you close it, it just  repeatedly opens back up again and blocks much of the community pages so that you can't read anything properly.


@texwood wrote:

Try the following:

1) Go to www.publicmobile.ca

2) Click grey "Community" button

3) Click "Sign in" below the "Help" in the green area

Throughout 1-3 that connection is under https.

 

In contrast to the following:

A) Go to www.publicmobile.ca

B) Click grey "Community" button

C) Click on the first item on Feature Topic (at this moment it is "NEW: Talk and Text Promo Plan")

D) Click "Sign in" at the green area.

 

You will notice after C), the browser connection drops from https to http, which causes the login prompt in D) to communicate via unsecured http.  That shows that some of the links in the forum point to http instead of https by default throughout.

 

The screenshot is from Opera which displays warnings more visibily.  In Chrome it shows up at the address bar as "not secure".

 

 


I tried this and I got the following link with sign in popup.  The name of the link says it all.  To be honest, the public forum should be 100% https.  These days, nothing should be http.  Anyway, I reported this anomaly in the labs section.  Hopefully this security flaw is fixed asap.  Note to everyone, don't use the same credentials for the community forum as the  My Account sign in. 

 

http://productioncommunity.publicmobile.ca/t5/Discussions/Forum-login-not-secured/m-p/153777

echf
Model Citizen / Citoyen Modèle

Additional information:

I got a security warning few days ago when I try to access My Account.

The certificate issued by Avast it's not valid. Seems the there is some problem with the domain redirection that the certificate does not recognize. 

 

When I tried to access Koodo self self (also issued by Avast for Telus), no warning.

zhadj030
Mayor / Maire
Https (Not) everywhere!!! ?
I didn't notice this problem before . Anyone got more info?

texwood
Great Citizen / Super Citoyen

This is the warning in Firefox.

PM_Forum_login_Firefox.JPG

 

 

texwood
Great Citizen / Super Citoyen

@Samianauman wrote:
Did you tried on a different browser
And of doesn't work and resetting password option doesn't help either I would say get mod involved to see if they are able to provide some help to you


This has nothing to do with individual account or password reset but rather a website configuration issue.

Different browsers behaves differently.  Edge does not have warnings.  Chrome currently does not have such explicit warning but rather just on the status bar; however I expect that to change in upcoming revisions of Chrome.  Opera and Firefox display such warnings "in your face".

 

Did you tried on a different browser
And of doesn't work and resetting password option doesn't help either I would say get mod involved to see if they are able to provide some help to you
Contact mod dept they will help you with the process
In your private message to any moderator include whatever bits of the following info you have:
* PM account email address
* PM phone number
* Detailed explanation
* Community Moderators are available from Mon-Thursday 9am(EST) to 9pm(EST) and Friday, Saturday, and Sunday from 9am(EST) to 5:30pm(EST)
Here is the link for how to contact moderators http://productioncommunity.publicmobile.ca/t5/Knowledge-Base/Updiated-Contacting-our-Community-Moder...

What you do click on link then webpage will open. You will see a mod team click on any name then scroll down all the way and click on send a private msg then explain your reason with account and email address
Thanks
** I am not a Mod, please do not include any private info in a private message to me.**

texwood
Great Citizen / Super Citoyen

@CaNuCk07 wrote:

im curious if the my account login has the same issue?


The account side seems fine.  It's the forum side that for some links are not https by default .

 

texwood
Great Citizen / Super Citoyen

Try the following:

1) Go to www.publicmobile.ca

2) Click grey "Community" button

3) Click "Sign in" below the "Help" in the green area

Throughout 1-3 that connection is under https.

 

In contrast to the following:

A) Go to www.publicmobile.ca

B) Click grey "Community" button

C) Click on the first item on Feature Topic (at this moment it is "NEW: Talk and Text Promo Plan")

D) Click "Sign in" at the green area.

 

You will notice after C), the browser connection drops from https to http, which causes the login prompt in D) to communicate via unsecured http.  That shows that some of the links in the forum point to http instead of https by default throughout.

 

The screenshot is from Opera which displays warnings more visibily.  In Chrome it shows up at the address bar as "not secure".

 

 

SD08
Retired Oracle / Oracle Retraité

@CaNuCk07 wrote:

im curious if the my account login has the same issue?


@CaNuCk07

The self-serve account login does include the "https" so it should be secure.

https://selfserve.publicmobile.ca/

i just logged out and then back in. Did not see the "login not secure" message

CaNuCk07
Mayor / Maire

im curious if the my account login has the same issue?

Need Help? Let's chat.