SIte security- https

[pete.young]

The site appears to be http only, with no consideration given to https. I get the padlock icon with a red line through it on Firefox telling me that passwords could be compromised, and similar warnings from Chrome and Vivaldi. I don't recall seeing this on the old site.

Bearing in mind that you are asking for not only passwords, but credit card details and paypal details in the shop section, https needs to be implemented immediately. I'd also recommend that you implement hsts and turn off http altogether, this is 2017 and there's really no reason to do it any other way.

[charic]

And now SSL is live, thanks for your patience everyone

[nilebodgers]

Using "Let's Encrypt" to get free auto-renewing SSL certificates is very easy these days, so there is no excuse for a HTTP-only site.

[ped]

1 hour ago, pete.young said:

The site appears to be http only, with no consideration given to https. I get the padlock icon with a red line through it on Firefox telling me that passwords could be compromised, and similar warnings from Chrome and Vivaldi. I don't recall seeing this on the old site.

Bearing in mind that you are asking for not only passwords, but credit card details and paypal details in the shop section, https needs to be implemented immediately. I'd also recommend that you implement hsts and turn off http altogether, this is 2017 and there's really no reason to do it any other way.

Yes sir!

[fleabag]

Crocodile sandwich please

[charic]

SSL certificate is high priority but we couldn't organise it until the site was already live with the correct server and domain.

It's on the list!

@ped - if it's not on the list can you put it on the list? ?

[Rikki_Sixx]

Good effort getting an SSL certificate sorted so quickly! 

[charic]

21 minutes ago, Rikki_Sixx said:

Good effort getting an SSL certificate sorted so quickly! 

Note quite there, but it's almost done

[nilebodgers]

1 minute ago, charic said:

Note quite there, but it's almost done

Quick work! Just a few scripts trying to pull content via non-https sources to fix & job's a good 'un.

[charic]

6 minutes ago, nilebodgers said:

Quick work! Just a few scripts trying to pull content via non-https sources to fix & job's a good 'un.

Got an example I can check?

[nilebodgers]

2 minutes ago, charic said:

Got an example I can check?

e.g. the attached pic

[charic]

I know where that is

Cheers!

[charic]

And alakazam! it is done!

[fleabag]

Oh beautiful work,  Char.

 

You should get a job working with with software.  

[pete.young]

Excellent work, many thanks, and sorry for being a bit rude!

[MisterT]

The mediaplex http thing is back on the Elixir strings gif...

 

http://img-cdn.mediaplex.com/0/25163/182158/UK_BassStomp_468x60_new.gif?mpqs=&mpssl=1&mpvc=

 

[charic]

Yup I know

[MisterT]

👍