Open Photography Forums  
#1
August 13th, 2018, 07:39 PM
fahim mohammed
Senior Member
Join Date: May 2008
Posts: 7,361
Asher really needs to move with the times!

OPF is not a secure site.

While it doesn’t bother me, as I know the OPF’s barman, I however think it should be secured by an https at least.

I am bugged by the continuous ‘this site is not secure’ warnings.
__________________
koffee and kamera

#2
August 13th, 2018, 08:42 PM
Asher Kelman
OPF Owner/Editor-in-Chief
Join Date: Apr 2006
Posts: 34,778

Quote:
Originally Posted by fahim mohammed View Post
OPF is not a secure site.

While it doesn’t bother me, as I know the OPF’s barman, I however think it should be secured by an https at least.

I am bugged by the continuous ‘this site is not secure’ warnings.
Hmm,

I never get such warnings here!

Still I am happy to oblige. How does it make a difference?

I will ask around!

Asher
__________________
Follow us on Twitter at @opfweb

Our purpose is getting to an impressive photograph. So we encourage browsing and then feedback. Consider a link to your galleries annotated, C&C welcomed. Images posted within OPF are assumed to be for Comment & Critique, unless otherwise designated.

#3
August 13th, 2018, 10:14 PM
Robert Watcher
Senior Member
Join Date: Feb 2008
Location: El Salvador / Ontario, Canada
Posts: 2,174

Quote:
Originally Posted by Asher Kelman View Post
Hmm,

I never get such warnings here!

Still I am happy to oblige. How does it make a difference?

I will ask around!

Asher
I found this article which may clarify a bit. https://www.infront.com/blog/the-blo...ine-for-chrome

You can identify a secure https:// website with the lock beside the URL in the browser. All of my websites use the https:// protocol. As an example you will see the lock in the address bar for my site https://arwpix.com . I write a lot of apps that use the Google Maps API, weather API, and others for embedding content in sites - that now require an https website to work. If the apps are to use http, that functionality does not work.

It could well be that your web hosting provider offers free SSL certificates - or supplies them through cPanel. If not, you will need to purchase one on a yearly basis. The free SSL certificates are not secure enough for use on E-Commerce sites, but Google does accept the popular ones and allows your website to be accessed without warnings. Setup or certain links in your forum software may need to be updated for directing to https:// instead of http://. There should be instructions on the software website.


———-

#4
August 13th, 2018, 11:08 PM
Asher Kelman
OPF Owner/Editor-in-Chief
Join Date: Apr 2006
Posts: 34,778

Fahim and Robert,

Thanks for making me more aware of the nomenclature and Google’s new policies.

Nevertheless, there’s nothing “insecure”, AFAIK about NOT having an Https designation when we don’t deal with your credit card or bank account numbers! We are not like Amazon or PayPal!

Your pictures can just as easily be stolen on an https site as on a regular site.

However, from July 2018, as a business policy decision, Google Chrome decides that not having an SSL security certificate gets you designated as “unsafe”. It’s as valid as saying Irish with tuberculosis make the best poets! Except at least there is some trace of truth to that!

I use Safari mostly and so far have seen no such “unsafe” warnings.

Still, I have no problem with prophylactics, but really, is it needed?

I will explore this with my providers as I promised above!

Asher

#5
August 14th, 2018, 05:09 AM
Jerome Marot
Senior Member
Join Date: Jan 2011
Location: Munich, Germany.
Posts: 3,789

Unless I am mistaken, it does not seem that the connection is encrypted when logging in or registering, when the password is transmitted. That is indeed a problem.

If I am wrong and the connection is encrypted when transmitting the password, then opf already has a ssl certificate. Using it for all connections should not be too difficult.

Free ssl certificates can be obtained here: https://letsencrypt.org

#6
August 14th, 2018, 06:48 AM
Doug Kerr
Senior Member
Join Date: May 2006
Location: Alamogordo, New Mexico, USA
Posts: 8,558

I'm not sure I understand the issue here. OPF posts are readily findable with Google and then viewable. I'm not sure what CTD (cyber transmitted disease) the recommended secure transmission mode is a prophylactic against.

Best regards,

Doug

#7
August 14th, 2018, 08:14 AM
Robert Watcher
Senior Member
Join Date: Feb 2008
Location: El Salvador / Ontario, Canada
Posts: 2,174

Quote:
Originally Posted by Doug Kerr View Post
I'm not sure I understand the issue here. OPF posts are readily findable with Google and then viewable. I'm not sure what CTD (cyber transmitted disease) the recommended secure transmission mode is a prophylactic against.

Best regards,

Doug
It’s not for protecting OPF or hiding content from Google or anyone else. HTTPS is used more often by web users than the original non-secure HTTP, primarily to protect page authenticity on all types of websites; secure accounts; and keep user communications, identity, and web browsing private (Words from Wikipedia). The thing is that since https is being mandated now, the user experience of websites will be affected and when people turn away from sites when they see that it is not secure, that will affect OPF as well.

True not everyone uses Chrome browser, but according to stats counters, around 60% of desktop and mobile web browsing is with Chrome. Even on tablets as high as 40%. That aside, Safari and Firefox and probably before long, the others - are following the standard of providing Not Secure warnings for non https sites or ones that include log in forms from non https.

It’s really that we website owners have no choice but to switch, if we want people to visit our website. A lot of business websites include Google maps of their location on their Contact Page. That can no longer be done on a non-secure http website.
Unless I misunderstood what you are saying in your comment Doug.


———

#8
August 14th, 2018, 08:33 AM
Jerome Marot
Senior Member
Join Date: Jan 2011
Location: Munich, Germany.
Posts: 3,789

Quote:
Originally Posted by Doug Kerr View Post
I'm not sure I understand the issue here. OPF posts are readily findable with Google and then viewable. I'm not sure what CTD (cyber transmitted disease) the recommended secure transmission mode is a prophylactic against.
Transmitting passwords in the clear is not so cool, is it?

#9
August 14th, 2018, 10:59 AM
Doug Kerr
Senior Member
Join Date: May 2006
Location: Alamogordo, New Mexico, USA
Posts: 8,558

Quote:
Originally Posted by Robert Watcher View Post
It’s not for protecting OPF or hiding content from Google or anyone else. HTTPS is used more often by web users than the original non-secure HTTP, primarily to protect page authenticity on all types of websites; secure accounts; and keep user communications, identity, and web browsing private (Words from Wikipedia). The thing is that since https is being mandated now, the user experience of websites will be affected and when people turn away from sites when they see that it is not secure, that will affect OPF as well.

True not everyone uses Chrome browser, but according to stats counters, around 60% of desktop and mobile web browsing is with Chrome. Even on tablets as high as 40%. That aside, Safari and Firefox and probably before long, the others - are following the standard of providing Not Secure warnings for non https sites or ones that include log in forms from non https.

It’s really that we website owners have no choice but to switch, if we want people to visit our website. A lot of business websites include Google maps of their location on their Contact Page. That can no longer be done on a non-secure http website.
Thanks for the insight.

Quote:
Unless I misunderstood what you are saying in your comment Doug.
No, I think you got my question.

Best regards,

Doug

#10
August 15th, 2018, 08:12 AM
Winston Mitchell
Member
Join Date: May 2006
Location: Boise, Idaho
Posts: 449

I'm using Firefox...no problems, warnings or anything else.

#11
August 15th, 2018, 09:19 AM
Peter Dexter
Senior Member
Join Date: Nov 2016
Location: Colombia
Posts: 749

Also use safari...no warnings.

#12
August 15th, 2018, 09:22 AM
Asher Kelman
OPF Owner/Editor-in-Chief
Join Date: Apr 2006
Posts: 34,778

Quote:
Originally Posted by Winston Mitchell View Post
I'm using Firefox...no problems, warnings or anything else.
Quote:
Originally Posted by Peter Dexter View Post
Also use safari...no warnings.


Exactly!

Still, Google is akin to the State of California in Power and influence. When they devise new standards, (as far as I know all reasonable), their market share is so important that most industries comply as if they were the Federal Government!

In fact we are as secure as any other website, for photography content. Https sites are definitely needed to secure credit card and password information.

I plan to buy the needed SSL certificates but will look at this matter in a week!

Asher

#13
August 15th, 2018, 10:04 AM
Robert Watcher
Senior Member
Join Date: Feb 2008
Location: El Salvador / Ontario, Canada
Posts: 2,174

Quote:
Originally Posted by Asher Kelman View Post
Exactly!

Still, Google is akin to the State of California in Power and influence. When they devise new standards, (as far as I know all reasonable), their market share is so important that most industries comply as if they were the Federal Government!

In fact we are as secure as any other website, for photography content. Https sites are definitely needed to secure credit card and password information.

I plan to buy the needed SSL certificates but will look at this matter in a week!

Asher
Asher, there is no need to buy an SSL certificate unless you are processing credit card payments or other hyper sensitive info on your website that requires the highest of security. The price goes quite high as security level goes up. But it certainly won’t harm anything to purchase one if that is your choice.

There are several free SSL certificates available that are adequate so you can use the https protocol and are accepted by the browsers as secure enough to deem a website safe. Especially for login forms and API calls. As Jerome mentioned there is letsencrypt - I provide for my web hosting clients, the free AutoSSL from Comodo that is part of the cPanel package - if your hosting provider has enabled that with their service.

Whether one person or another gets a warning isn’t the issue. Most of us appreciate when there is a level of security (SSL) when entering our user information (especially password) when logging in - which is done to gain full access to the OPF forum. The potential snooping when data is being transferred as page requests - that https protocol makes difficult - is a separate matter from the equally concerning way that passwords and other personal information are being stored on the server by the website software.

If that doesn’t bother some, their choice is to be at risk. But most internet users are becoming more and more concerned about security when browsing and rightly so. That is what Google has been addressing for several years now and is mandating this year. It’s a good thing. It may result in a little inconvenience for the webmaster to implement, but not for anyone else.


https://blog.mozilla.org/tanvi/2016/...r-http-please/


————

Last edited by Robert Watcher; August 15th, 2018 at 03:22 PM.

#14
August 15th, 2018, 02:46 PM
Jerome Marot
Senior Member
Join Date: Jan 2011
Location: Munich, Germany.
Posts: 3,789

As I already wrote, SSL would be necessary to ensure that our passwords are not transmitted in the clear. There is a risk that someone gets a user password and impersonates a member. The risk is small, but real.

The rest is up to the site administrator, but it is usually simpler to add SSL for the whole site.

As to certificates, your hosting provider may already have one for you or you can get one for free from let's encrypt: https://letsencrypt.org

#15
August 15th, 2018, 03:15 PM
Robert Watcher
Senior Member
Join Date: Feb 2008
Location: El Salvador / Ontario, Canada
Posts: 2,174

Quote:
Originally Posted by Jerome Marot View Post
As I already wrote, SSL would be necessary to ensure that our passwords are not transmitted in the clear. There is a risk that someone gets a user password and impersonates a member. The risk is small, but real.

The rest is up to the site administrator, but it is usually simpler to add SSL for the whole site.

As to certificates, your hosting provider may already have one for you or you can get one for free from let's encrypt: https://letsencrypt.org
Not only grabbing a user password to impersonate a member - but any hacker knows that all kinds of people (members) use the same user name and password to access not only other websites and forums, but also use the same password for online shopping or personal banking access. As you mention, the risk is small - but it is real.


——-

#16
August 16th, 2018, 12:55 AM
Nicolas Claris
Administrator/Moderator
Join Date: Apr 2006
Location: Bordeaux
Posts: 5,772

I have transmitted all infos to Asher to move to https with OPF server.
But he is abroad, let him have some time.
Asher is aware :-)
BTW, Robert, you're right about people using the same passwd for many sites, but there have been many many warnings on the web about this issue. If people are stupid enough not to hear that, it is not the website manager who is responsible!
__________________
WEBSITE - FACEBOOK - INSTAGRAM
Please do not repost my images elsewhere than OPF without my permission.

#17
August 16th, 2018, 02:15 AM
Asher Kelman
OPF Owner/Editor-in-Chief
Join Date: Apr 2006
Posts: 34,778

Does https:// hosting also cover the EU data rules of GDPR? Does it apply to us and does it matter?

#18
August 16th, 2018, 02:26 AM
Nicolas Claris
Administrator/Moderator
Join Date: Apr 2006
Location: Bordeaux
Posts: 5,772

Quote:
Originally Posted by Asher Kelman View Post
Does https:// hosting also cover the EU data rules of GDPR? Does it apply to us and does it matter?
It is World Wide Web !
Nothing related to gdpr

All our sites are https for long…

#19
August 16th, 2018, 02:53 AM
Asher Kelman
OPF Owner/Editor-in-Chief
Join Date: Apr 2006
Posts: 34,778

Quote:
Originally Posted by Nicolas Claris View Post
It is World Wide Web !
Nothing related to gdpr

All our sites are https for long…
But what about GDPR?

Will Europeans want that too?

Asher

#20
August 16th, 2018, 03:57 AM
Nicolas Claris
Administrator/Moderator
Join Date: Apr 2006
Location: Bordeaux
Posts: 5,772

Quote:
Originally Posted by Asher Kelman View Post
But what about GDPR?

Will Europeans want that too?

Asher
As OPF does not store any other matter than what registrants did input themselves for their registration, and since OPF does not trade any information about members, afaik, OPF does not need to have a warning banner about GDPR.
Should you wish so, a GDPR mention could be added to the TOS.

#21
August 16th, 2018, 04:02 AM
Nicolas Claris
Administrator/Moderator
Join Date: Apr 2006
Location: Bordeaux
Posts: 5,772

But I'm not specialized in GDPR, nor am I a lawyer!
You might read (which I haven't) : https://gdpr-info.eu

#22
August 17th, 2018, 10:03 AM
fahim mohammed
Senior Member
Join Date: May 2008
Posts: 7,361

As far as I know all US based sites (foto forum sites) have posted the new EU regulations and members are expected to have read and agreed to them.

Furthermore, to the best of my knowledge, irrespective of the site’s location it has to comply with the European directive if it is being used in/from EU.

Quote:
Originally Posted by Asher Kelman View Post
But what about GDPR?

Will Europeans want that too?

Asher

#23
August 17th, 2018, 11:15 AM
Asher Kelman
OPF Owner/Editor-in-Chief
Join Date: Apr 2006
Posts: 34,778

Quote:
Originally Posted by fahim mohammed View Post
As far as I know all US based sites( foto forum sites ) have posted the new EU regulations and members are expected to have read and agreed to them.

Well, Fahim, I only checked 2 and they still use http not https

http://luminous-landscape.com/

http://www.largeformatphotography.info/

Still, one more, Fuji Rumors and that is already compliant!

https://www.fujirumors.com


Quote:
Originally Posted by fahim mohammed View Post
Furthermore, to the best of my knowledge, irrespective of the sites’s location it has to comply with the European directive if it is being used in/from EU
The EU is acting as a power to make rules beyond its jurisdiction. How can they enforce their rules without the USA pushing back!

Still, I will comply!

Asher

#24
August 17th, 2018, 02:25 PM
Jerome Marot
Senior Member
Join Date: Jan 2011
Location: Munich, Germany.
Posts: 3,789

Quote:
Originally Posted by Asher Kelman View Post
Well, Fahim, I only checked 2 and they still use http not https

http://luminous-landscape.com/

http://www.largeformatphotography.info/

Luminous landscape forces https on my mac. Large format photography does not.


Quote:
Originally Posted by Asher Kelman View Post
The EU is acting as a power to make rules beyond its jurisdiction. How can they enforce their rules without the USA pushing back!
If a company does business with EU citizens, the EU has the means to make them comply.

Quote:
Originally Posted by Asher Kelman View Post
Still, I will comply!
As Nicolas noted, I don't think the GDPR applies to this site, which does not appear to sell the privacy of its members.

OTOH, https would be a smart move as soon as you have the time.

#25
September 3rd, 2018, 02:32 PM
Jerome Marot
Senior Member
Join Date: Jan 2011
Location: Munich, Germany.
Posts: 3,789

Bump! https still should be set up...

#26
September 3rd, 2018, 03:29 PM
Asher Kelman
OPF Owner/Editor-in-Chief
Join Date: Apr 2006
Posts: 34,778

Quote:
Originally Posted by Jerome Marot View Post
Bump! https still should be set up...
Thanks for the nudge!

Asher

#27
September 3rd, 2018, 04:39 PM
Doug Kerr
Senior Member
Join Date: May 2006
Location: Alamogordo, New Mexico, USA
Posts: 8,558

The preponderance of the sites I visit often use the HTTPS protocol.

On the other hand, The Pumpkin does not.

Best regards,

Doug

#28
October 5th, 2018, 12:16 AM
Jerome Marot
Senior Member
Join Date: Jan 2011
Location: Munich, Germany.
Posts: 3,789

Bump! https still should be set up...

#29
October 5th, 2018, 12:24 AM
Asher Kelman
OPF Owner/Editor-in-Chief
Join Date: Apr 2006
Posts: 34,778

Quote:
Originally Posted by Jerome Marot View Post
Bump! https still should be set up...
Go to it!

I will ask my hosting service!

Asher

#30
October 5th, 2018, 12:51 AM
Jerome Marot
Senior Member
Join Date: Jan 2011
Location: Munich, Germany.
Posts: 3,789

Asher, I really hate to bother you with that problem, but I feel it is really important.


Posting images or text grants license to OPF, yet © of such remain with its creator. Still, all assembled discussion © 2006-2017 Asher Kelman (all rights reserved) Posts with new theme or unusual image might be moved/copied to a new thread!