Improving our HTTPS support is something we are definitely interested in. There are a number of behind-the-scenes details we need to sort out before it is feasible to force HTTPS on 100% of pages.
At the moment, our servers do support HTTPS, and we do require it for certain key parts of the site. For example, our login form submits your username and password over HTTPS. Firefox and Chrome are displaying increasingly verbose warnings when logging in from the home page when the surrounding page is not HTTPS, and that is something we are looking at addressing.
In general, we do not forcefully redirect you to HTTPS pages. The most likely path is that we would gradually require HTTPS on incrementally more portions of the site rather than turning it all on at once, across the full site.
Improving our HTTPS support is something we are definitely interested in. There are a number of behind-the-scenes details we need to sort out before it is feasible to force HTTPS on 100% of pages.
At the moment, our servers do support HTTPS, and we do require it for certain key parts of the site. For example, our login form submits your username and password over HTTPS. Firefox and Chrome are displaying increasingly verbose warnings when logging in from the home page when the surrounding page is not HTTPS, and that is something we are looking at addressing.
In general, we do not forcefully redirect you to HTTPS pages. The most likely path is that we would gradually require HTTPS on incrementally more portions of the site rather than turning it all on at once, across the full site.
@Mutron
[quote]Firefox and Chrome are displaying increasingly verbose warnings when logging in from the home page when the surrounding page is not HTTPS, and that is something we are looking at addressing.[/quote]Both FF and Chrome complain because the page itself is not secure. They are correct. The HTML source could be munged in transit, the login part manipulated for side-channeling before submit.
[quote]The most likely path is that we would gradually require HTTPS on incrementally more portions of the site rather than turning it all on at once, across the full site.[/quote]You wouldn't need to change the content construction, only the addressing, which ought, if configured correctly, be trivial.
@
Mutron
Quote:
Firefox and Chrome are displaying increasingly verbose warnings when logging in from the home page when the surrounding page is not HTTPS, and that is something we are looking at addressing.
Both FF and Chrome complain because the page itself is not secure. They are correct. The HTML source could be munged in transit, the login part manipulated for side-channeling before submit.
Quote:
The most likely path is that we would gradually require HTTPS on incrementally more portions of the site rather than turning it all on at once, across the full site.
You wouldn't need to change the content construction, only the addressing, which ought, if configured correctly, be trivial.
In pinging me I assume consent to be pinged back. This is because I disabled signature display (too many intrusive banners)
Solar stance time difference: +9 Hours FRT
My avatar
[quote name="Ettanin" date=2017-03-29 10:47:59]
Both FF and Chrome complain because the page itself is not secure. They are correct. The HTML source could be munged in transit, the login part manipulated for side-channeling before submit.
[/quote]
Yes, it's definitely correct for them to show those warnings -- the way we are looking at addressing this short term is to create a dedicated HTTPS-only login page, because unless the site is 100% HTTPS-only this concern will always exist (since there is a login form on every page.)
Ettanin wrote on 2017-03-29:
Both FF and Chrome complain because the page itself is not secure. They are correct. The HTML source could be munged in transit, the login part manipulated for side-channeling before submit.
Yes, it's definitely correct for them to show those warnings -- the way we are looking at addressing this short term is to create a dedicated HTTPS-only login page, because unless the site is 100% HTTPS-only this concern will always exist (since there is a login form on every page.)
@
Mutron
Should we be concerned for the security of our information?
I for one would like to know if my information could be accessed by non-Flight Rising staff. I would like to know if this information is secure- and if it's not, when it will be.
@
Mutron
Should we be concerned for the security of our information?
I for one would like to know if my information could be accessed by non-Flight Rising staff. I would like to know if this information is secure- and if it's not, when it will be.
Hello everyone! Thank you for sharing your concerns with us. Please know, we take your privacy and security very seriously. If you have any questions regarding who has access to your information or how it is used, you can find those answers here in our
Privacy Policy. if you would like to share any additional feedback or concerns, please send us a message directly through
Contact Us.
Hello everyone! Thank you for sharing your concerns with us. Please know, we take your privacy and security very seriously. If you have any questions regarding who has access to your information or how it is used, you can find those answers here in our
Privacy Policy. if you would like to share any additional feedback or concerns, please send us a message directly through
Contact Us.
