• Please use real names.

    Greetings to all who have registered to OPF and those guests taking a look around. Please use real names. Registrations with fictitious names will not be processed. REAL NAMES ONLY will be processed

    Firstname Lastname

    Register

    We are a courteous and supportive community. No need to hide behind an alia. If you have a genuine need for privacy/secrecy then let me know!
  • Welcome to the new site. Here's a thread about the update where you can post your feedback, ask questions or spot those nasty bugs!

My World: Asher really needs to move with the times!

Asher Kelman

OPF Owner/Editor-in-Chief
Asher, I really hate to bother you with that problem, but I feel it is really important.


I have began to address this by studying the mechanics of the change.

But I do wonder what protections https brings?

Right now I laboriously check for any spamming from the registrant’s IP address. I look for spammers or dictionary hackers etc. I even search for a phrase they may have used in the registration even in the first several posts. What I fear is the person getting in and copying list of members of OPF and trying to sell them drugs, insurance or whatever. So how does the HTTPS designation help us in such needed security?

Asher
 

Robert Watcher

Well-known member
I have began to address this by studying the mechanics of the change.

But I do wonder what protections https brings?

Right now I laboriously check for any spamming from the registrant’s IP address. I look for spammers or dictionary hackers etc. I even search for a phrase they may have used in the registration even in the first several posts. What I fear is the person getting in and copying list of members of OPF and trying to sell them drugs, insurance or whatever. So how does the HTTPS designation help us in such needed security?

Asher

This may help Asher - https://www.vbulletin.com/forum/articles/4361080-converting-your-forum-to-https


——-
 

Asher Kelman

OPF Owner/Editor-in-Chief

This is a wonderful link, Robert, thanks!

So now we have a major issue: images that are from http sites. These will get our site labeled as “unsafe”. ?

So we need to either block uploading of silica images, (as explained by links in your above reference paper), or better still I need to attached all images and store them in OPF.

So can anyone write a program that will plough through OPF, download each successive image to a gallery and then embed that image back on the page?

I will pay for that a reasonable fee!

Any ideas who can do that?

Asher
 

Asher Kelman

OPF Owner/Editor-in-Chief
Can anyone refine my request below so it would be understood best by a programmer I could get to make an app to convert all linked images to ones stored on OPF server:


“Write an app to harvest linked image files to a catalog, organized by photographer) in vbulletin 3 and upgrades and then replace existing link, (for each posted image), to the new catalog”


Asher
 

Robert Watcher

Well-known member
Can anyone refine my request below so it would be understood best by a programmer I could get to make an app to convert all linked images to ones stored on OPF server:


“Write an app to harvest linked image files to a catalog, organized by photographer) in vbulletin 3 and upgrades and then replace existing link, (for each posted image), to the new catalog”


Asher

I noticed this solution. Not sure whether it work with this version of vbulletin or not. https://www.vbulletin.org/forum/showthread.php?p=2589795#post2589795

While your suggested solution sounds viable, I think you would get into complications related to your right to store these copyrighted images on your server without express permission from the owner. While many might not mind, I am aware that photographers often store their embedded files on their own server or choice of server, so they can maintain control of the images. Just something to think about.

——-
 

Robert Watcher

Well-known member
It appears like the Mixed Content Block may be an issue with transitioning your forum over to https. At the least it won’t be quite as easy as a regular website.

I got into a similar issue last year when I built a couple of PWA web apps for clients, that linked to a currency converter API as well as a weather API that were not being served from https. They were both free services. PWA’s have to be delivered over https which requires all scripts and files delivered from other sources to come from https as well - so I had no choice but to find different secure API’s To provide me with the same functionality for my apps.

This doesn’t help your situation, but letting you know that I understand the predicament of making such a change on the forum.

——
 

Jerome Marot

Well-known member
Why make things more complicated than it needs be?

The first and most serious problem is that login and its associated password should be transmitted over https. The second problem is that the vbulletin version this forum uses is too old.

Just get https installed first. That should be easy and will solve the password problem.

Then try a recent version of vbulletin. That is already a hand full of work. Maybe you try it on an alternative web site first: openphotographyforums-test.com

When that works, you can deal with the image storage problem. The more recent version of vbulletin should make that work easier.
 

Asher Kelman

OPF Owner/Editor-in-Chief
Hi Jerome,

I already paid vBulletin for the upgrade but ran into issues that the entire site is customized by Nicolas Claris' assistant who was severely injured in a motor vehicle accident and so is unavailable. Otherwise we would have been upgraded ages ago.

I understand now that password transmission is your key concern. I would hope then that folk do not use one password for every social network.

Upgrade to vBulletin 5 is not the barrier as 3 works fine except for Galleries and that can be done in this version. It is reported that the version 4 onwards on not as robust as version 3. However, I am only reading what the "experts" write.


Does anyone know which of the usual image storage serving platforms we use are already Google-compliant and since how long. Then I could estimate what the impact in unavailable images would be if we converted to https right away.


I will make this my top priority but do value and appreciate further feedback.

Asher
 

Doug Kerr

Well-known member
Hi, Asher,

My images are harbored on my personal site, provided by AT&T Web Hosting. It does not use the HTTPS protocol. Or perhaps I have not arranged for it to do so for me.

I will look into this.

Best regards,

Doug
 

Jerome Marot

Well-known member
Flickr uses https.

Also: I checked with chrome on another https site with images unencrypted. You don't get a warning unless you explicitly ask chrome to check the connection. I would not consider it a priority to solve that image problem, especially for older images.

Well I could test it out!

I will first update my own FTP site with my provider.

Thanks,

Asher
 

Doug Kerr

Well-known member
This issue brings new interest to the prospect that the OPF forum system could itself harbor images posted by members. I enjoy this capability on several other forums in which I participate. (Well, one of those is a forum in which I used to participate, but I was thrown off it by the vorsitzer for being a troublemaker. Can you imagine that?)

I have no idea, Asher, what the burden would be to you putting into play such an arrangement, but I hope that you would give it another serious look.

I realize that adopting an HTTPS basis for OPF, even with such a facility in place, with the implications we have been informed of as to links with external media on a non-HTPPS site, would raise the spectre of grave disruption of the existing oeuvre.

Best regards,

Doug
 

Doug Kerr

Well-known member
Hi, Asher,

I understand now that password transmission is your key concern. I would hope then that folk do not use one password for every social network.

It has never been my practice to use a common password for different forums and other sites.

Best regards,

Doug
 

Asher Kelman

OPF Owner/Editor-in-Chief
This issue brings new interest to the prospect that the OPF forum system could itself harbor images posted by members. I enjoy this capability on several other forums in which I participate. (Well, one of those is a forum in which I used to participate, but I was thrown off it by the vorsitzer for being a troublemaker. Can you imagine that?)

I have no idea, Asher, what the burden would be to you putting into play such an arrangement, but I hope that you would give it another serious look.

I realize that adopting an HTTPS basis for OPF, even with such a facility in place, with the implications we have been informed of as to links with external media on a non-HTPPS site, would raise the spectre of grave disruption of the existing oeuvre.

Best regards,

Doug


That is why I want to get someone to write and app that



  • Will crawl through OPF: download all the images and place them in the photographer's gallery here for free. We would automatically make a link for the file in each such post.
  • Going forward: all pictures would simply be uploaded here.
  • Galleries: Could be a store where folk, (if they wish), license images or sell prints.



Asher
 

Jerome Marot

Well-known member
I realize that adopting an HTTPS basis for OPF, even with such a facility in place, with the implications we have been informed of as to links with external media on a non-HTPPS site, would raise the spectre of grave disruption of the existing oeuvre.

What are you talking about? A forum accessible under https only with images linked on http is not a problem. I checked using chrome this very morning. It works, the user really has to get out of their way to check whether there is a problem and, if you ask for a message, the message is that the images are not safe but the web page is.
 

Asher Kelman

OPF Owner/Editor-in-Chief
Jerome,

Sorry, I don't quite follow, except you imply there is no big issue for us to worry about.

What do you mean by "if you ask for a message"? From what or whom?

Will the http-linked images appear normally? Will Google under some circumstances you know about ding us as "unsafe"?

Why do others recommend various state gems to deal with this if there is no practical problem?

I am just learning from everyone else and the links that have been provided which suggest extra actions beyond not worrying!

Asher
 

Doug Kerr

Well-known member
Hi, Jerome,

What are you talking about? A forum accessible under https only with images linked on http is not a problem. I checked using chrome this very morning. It works, the user really has to get out of their way to check whether there is a problem and, if you ask for a message, the message is that the images are not safe but the web page is.

I am not in any way an expert on this.

I thought I had seen earlier in this thread that there would be some scenario in which when a forum working on an HTTPS protocol basis, resources on sites operating on an HTTP basis (notably, images harbored on such a site) might not be accessible. Perhaps the intimation is that it would be the browser that would decline to do that.

Or perhaps that discussion pertained to an altogether different scenario, where the "main" site itself (e.g., a forum site) somehow had to retrieve certain resources, which it would refuse to do if they were on sites not prepared to operate with the HTTPS protocol.

Of course, that is not our current situation - the OPF software does not retrieve the images embedded in forum posts - that is done by the individual viewer's browser.

So I should perhaps not have made that comment.

Best regards,

Doug
 

Jerome Marot

Well-known member
Sorry, I don't quite follow, except you imply there is no big issue for us to worry about.

Yes.

What do you mean by "if you ask for a message"? From what or whom?

You ask the browser by clicking the symbol left of the site address.

Will the http-linked images appear normally?

Yes.

Will Google under some circumstances you know about ding us as "unsafe"?

Why do others recommend various state gems to deal with this if there is no practical problem?

I can't answer these 2 questions because they imply predicting future events beyond my control.

I am just learning from everyone else and the links that have been provided which suggest extra actions beyond not worrying!

In some cases extra actions may be needed.

Let me describe what happens when connecting to a https web site with http images with the browsers I could test on my Macbook:

-Safari: nothing happens, site displays normally.

-Chrome: site displays normally with a small gray symbol left to the url. Clicking on that symbol explains "Your connection to this site is not fully secure. Attackers might be able to see the images you're looking at on this site and trick you by modifying them" as explained here.

-Firefox: site displays normally with an orange symbol left to the url. Clicking on that symbol explains basically the same as under Chrome, see here.
 

Asher Kelman

OPF Owner/Editor-in-Chief
Thanks, Jerome for your patience and explanations.

I believe then I can go forward with converting to a more secure website.

I will also make an effort to get someone to help me with the IT.

If there is anyone who knows PHP who wishes to volunteer, let me know.

Asher
 
Top