cancel
Showing results for 
Search instead for 
Did you mean: 
will13am
Oracle
Oracle
Status: Idea completed

It looks like the forum login isn't properly secured (http instead of https).  Please investigate and fix on a priority basis so as to not compromise any user accounts.  Kudos to @texwood for discovering this.

8 Comments
stonechucker
Mayor / Maire

I've just tested.  Signed out of community, closed and restarted my browser, signed back in manually.  Before pressing sign in, verified address bar showed https.  Successful login.  Still shows https.

 

IMG_0223.PNG

Watoko
Deputy Mayor / Adjoint au Maire

I know this may not be for the average joe user, but if you add a "s" to the http so that it becomes "https:" with the existing URL, it will actually change it to secure.

 

But +1 to this idea definitely for those who aren't technologically savvy. Would probably be an easy fix of redoing the hyperlinks on the main site.

will13am
Oracle
Oracle

This http/https thing is all over the map.  The problem with manually adding s is that it doesn't stick.  The links seem to default to http.  I tried to change the link to this thread to https and it worked.  When I click on the community forum link on the top right from within this thread, I go right back to http and stay on http.  The default should be https universally. 

ShawnC13
Oracle
Oracle

When I login it is https but after posting or reading in a thread the site is no longer secure.

will13am
Oracle
Oracle

@ShawnC13, depending on how the login is triggered, you can be directed to an unsecured login.  Take a read of the thread identified the issue.

 

http://productioncommunity.publicmobile.ca/t5/Discussions/Forum-login-not-secured/m-p/153777

texwood
Great Citizen / Super Citoyen

There is currently another idea post regarding the same issue:

 

https://productioncommunity.publicmobile.ca/t5/Public-Lab/Fix-security-issues-across-all-publicmobil...

 

These two idea posts should be linked.

 

Status changed to: Idea completed
Jeremy_M
Retraité / Retired
Retraité / Retired

@will13am @texwood

 

Thank you for sharing this idea with us. We have resolved the issue with our security certificates. Please confirm on your end.

 

Jeremy

texwood
Great Citizen / Super Citoyen

I have used the community site today and so far have not been able trigger the bug (as I did previously as described in the email).

 

Need Help? Let's chat.