Announcement

Collapse
No announcement yet.

Some few HTTPS odds...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Some few HTTPS odds...

    Now HTTPS seems to be more or less working on phoronix, at least it seems now forum login could happen over https (though I guess I should check all URLs twice). Yet, there're some few more HTTPS-related odds I've spotted so far.

    1) https://www.phoronix.com/vr.php?view=22983 (clicking "Linux 4.6 Set To Bring A Significant Number Of New Features" from main page) works in really strange way, redirecting to ... non-secure version of page, losing https. Explicitly fetching https version at https://www.phoronix.com/scan.php?pa...features&num=1 works though. But if I go into this article from main page, https is lost and unsecured version shown instead. Maybe it somehow related to the fact it is "featured article"? Other articles appears to be okay. So if I load few tabs from main page to read interesting pages, it ends like some of them are HTTPS and some of them are not. And it seems I've nailed at least one strange URL behaving like that.

    2) Some resources on HTTPS pages are still referenced from non-secure versions, at very least I've spotted http://www.phoronix.com/phxcms7-css/phoronix.png

    3) https://www.phoronix.com/scan.php?pa...nt-Explanation links to "http://www.phoronix.net/image.php?id=2016&image=bus1_docs_ipc_med" image, over http.

    This causes browsers to consider web site insecure and issue warnings.

    From practical standpoint, if "secure" web site requests unencrypted content, attackers could intercept unencrypted requests and return arbitrary hostile stuff instead, eventually taking over whole browsing process. Needless to say it reduces usefulness of https quite a lot. That's what browser is trying to tell.
    Last edited by SystemCrasher; 03-27-2016, 08:27 AM.
Working...
X