FR
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Register now!

Forum login not secured?

texwood
Great Citizen / Super Citoyen

‎05-15-2017 11:43 AM - edited ‎01-05-2022 02:05 AM

PM_Forum_login.png

I am getting the following prompt today after a recent browser upgrade.  It looks like PM forum logon is not secured via https by default.  Any plans to change this?

 

Labels:
16 REPLIES 16

Michael77
Deputy Mayor / Adjoint au Maire
In response to Vimalkumar

‎10-08-2017 08:49 AM

Everyone I know on PM gets the same message from time to time. We just ignore it. Is this something we should be worried about?

0 Bravos

Vimalkumar
Great Citizen / Super Citoyen

‎10-07-2017 08:50 PM

I have faced same issue
0 Bravos

texwood
Great Citizen / Super Citoyen

‎06-16-2017 08:03 PM

According to the admins, the issue has been fixed:

 

https://productioncommunity.publicmobile.ca/t5/Public-Lab/Investigate-Forum-Login-Not-Secured/idi-p/...

 

So far I have not been able to trigger the error as I previously have done.

 

0 Bravos

zhadj030
Mayor / Maire
In response to computergeek541

‎05-16-2017 01:35 PM

@computergeek541 wrote:

I see this type of security warning about the login page not being secured on a regular basis.  At least when using Firefox, the Community tab will sometimes load without the "s" in the https part of the addresss.  It's entirely random.  The solution is just to manually type in the "s"  for the https in the address bar and then click on the sign in link again.

 

Unfortunately, to this day, Internet Explorer just isn't an option any more for this website.  Ever since the introduction of the Simon bot, the window for it pops up every time you load any message or click on any link.  When you close it, it just  repeatedly opens back up again and blocks much of the community pages so that you can't read anything properly.

Or you can install the extension "https Everywhere" like the one on Tor. It should force https connection on very much every site you visit when available.

computergeek541
Oracle
Oracle
In response to will13am

‎05-16-2017 03:02 AM - edited ‎05-16-2017 03:03 AM

I see this type of security warning about the login page not being secured on a regular basis.  At least when using Firefox, the Community tab will sometimes load without the "s" in the https part of the addresss.  It's entirely random.  The solution is just to manually type in the "s"  for the https in the address bar and then click on the sign in link again.

 

Unfortunately, to this day, Internet Explorer just isn't an option any more for this website.  Ever since the introduction of the Simon bot, the window for it pops up every time you load any message or click on any link.  When you close it, it just  repeatedly opens back up again and blocks much of the community pages so that you can't read anything properly.

will13am
Oracle
Oracle
In response to texwood

‎05-15-2017 10:52 PM - edited ‎05-15-2017 10:58 PM

@texwood wrote:

Try the following:

1) Go to www.publicmobile.ca

2) Click grey "Community" button

3) Click "Sign in" below the "Help" in the green area

Throughout 1-3 that connection is under https.

 

In contrast to the following:

A) Go to www.publicmobile.ca

B) Click grey "Community" button

C) Click on the first item on Feature Topic (at this moment it is "NEW: Talk and Text Promo Plan")

D) Click "Sign in" at the green area.

 

You will notice after C), the browser connection drops from https to http, which causes the login prompt in D) to communicate via unsecured http.  That shows that some of the links in the forum point to http instead of https by default throughout.

 

The screenshot is from Opera which displays warnings more visibily.  In Chrome it shows up at the address bar as "not secure".

 

 

I tried this and I got the following link with sign in popup.  The name of the link says it all.  To be honest, the public forum should be 100% https.  These days, nothing should be http.  Anyway, I reported this anomaly in the labs section.  Hopefully this security flaw is fixed asap.  Note to everyone, don't use the same credentials for the community forum as the  My Account sign in. 

 

http://productioncommunity.publicmobile.ca/t5/Discussions/Forum-login-not-secured/m-p/153777

echf
Model Citizen / Citoyen Modèle
In response to zhadj030

‎05-15-2017 01:53 PM

Additional information:

I got a security warning few days ago when I try to access My Account.

The certificate issued by Avast it's not valid. Seems the there is some problem with the domain redirection that the certificate does not recognize. 

 

When I tried to access Koodo self self (also issued by Avast for Telus), no warning.

0 Bravos

zhadj030
Mayor / Maire

‎05-15-2017 12:37 PM

Https (Not) everywhere!!! ?
I didn't notice this problem before . Anyone got more info?
0 Bravos

texwood
Great Citizen / Super Citoyen
In response to Samianauman

‎05-15-2017 12:35 PM

This is the warning in Firefox.

PM_Forum_login_Firefox.JPG

 

 

0 Bravos

texwood
Great Citizen / Super Citoyen
In response to Samianauman

‎05-15-2017 12:31 PM

@Samianauman wrote:
Did you tried on a different browser
And of doesn't work and resetting password option doesn't help either I would say get mod involved to see if they are able to provide some help to you

This has nothing to do with individual account or password reset but rather a website configuration issue.

Different browsers behaves differently.  Edge does not have warnings.  Chrome currently does not have such explicit warning but rather just on the status bar; however I expect that to change in upcoming revisions of Chrome.  Opera and Firefox display such warnings "in your face".

 

Samianauman
Mayor / Maire
In response to texwood

‎05-15-2017 12:21 PM - edited ‎05-15-2017 12:22 PM

Did you tried on a different browser
And of doesn't work and resetting password option doesn't help either I would say get mod involved to see if they are able to provide some help to you
Contact mod dept they will help you with the process
In your private message to any moderator include whatever bits of the following info you have:
* PM account email address
* PM phone number
* Detailed explanation
* Community Moderators are available from Mon-Thursday 9am(EST) to 9pm(EST) and Friday, Saturday, and Sunday from 9am(EST) to 5:30pm(EST)
Here is the link for how to contact moderators http://productioncommunity.publicmobile.ca/t5/Knowledge-Base/Updiated-Contacting-our-Community-Moder...

What you do click on link then webpage will open. You will see a mod team click on any name then scroll down all the way and click on send a private msg then explain your reason with account and email address
Thanks
** I am not a Mod, please do not include any private info in a private message to me.**
0 Bravos

texwood
Great Citizen / Super Citoyen
In response to CaNuCk07

‎05-15-2017 12:17 PM

@CaNuCk07 wrote:

im curious if the my account login has the same issue?

The account side seems fine.  It's the forum side that for some links are not https by default .

 

texwood
Great Citizen / Super Citoyen
In response to xCameron94x

‎05-15-2017 12:15 PM - edited ‎05-15-2017 12:19 PM

Try the following:

1) Go to www.publicmobile.ca

2) Click grey "Community" button

3) Click "Sign in" below the "Help" in the green area

Throughout 1-3 that connection is under https.

 

In contrast to the following:

A) Go to www.publicmobile.ca

B) Click grey "Community" button

C) Click on the first item on Feature Topic (at this moment it is "NEW: Talk and Text Promo Plan")

D) Click "Sign in" at the green area.

 

You will notice after C), the browser connection drops from https to http, which causes the login prompt in D) to communicate via unsecured http.  That shows that some of the links in the forum point to http instead of https by default throughout.

 

The screenshot is from Opera which displays warnings more visibily.  In Chrome it shows up at the address bar as "not secure".

 

 

SD08
Retired Oracle / Oracle Retraité
In response to CaNuCk07

‎05-15-2017 12:07 PM - edited ‎05-15-2017 12:10 PM

@CaNuCk07 wrote:

im curious if the my account login has the same issue?

@CaNuCk07

The self-serve account login does include the "https" so it should be secure.

https://selfserve.publicmobile.ca/

0 Bravos

xCameron94x
Mayor / Maire
In response to CaNuCk07

‎05-15-2017 11:59 AM

i just logged out and then back in. Did not see the "login not secure" message

0 Bravos

CaNuCk07
Mayor / Maire

‎05-15-2017 11:57 AM

im curious if the my account login has the same issue?

0 Bravos
Top
Copyright © 2025 Khoros, LLC
Need Help? Let's chat.