ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Thu Sep 20, 2018 9:50 pm

All times are UTC




Post new topic  Reply to topic  [ 11 posts ] 
Author Message
PostPosted: Tue Jan 24, 2017 8:48 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 8801
If you are logging in the forum from an untrusted connection (free wifi, or a wifi not owned/controlled by you) then you may prefer to use the secure connection to the forum:
https://zenhax.com

Both HTTP and HTTPS remain available:
  • If you are at your home: use HTTP (maybe faster) or HTTPS
  • If HTTPS gives you problems: use HTTP
  • If HTTPS doesn't work in a certain moment: temporary try HTTP
  • If you are in an Internet Cafe or other public places: use HTTPS


Top
   
PostPosted: Sun Jan 29, 2017 4:03 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 8801
I would like your opinion about:
  • leaving everything as is now, so it's up to the user to use the http or https website
  • forcing the https website
What you would prefer and suggest?

Nowadays it's common practice to force https if available making impossible for an user to use the "old" unencrypted connection, but personally I think that leaving both would be better so the forum will be ever accessible in case of problems (old web browser or port 443 unreachable or problems on the https service).


Top
   
PostPosted: Sun Jan 29, 2017 7:43 pm 
User avatar

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 100
Leaving both should be fine, let the user choose what they want to use. Perhaps make mention somewhere easily seen that the site offers https as well in case people miss it or don't see these update threads.

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here


Top
   
PostPosted: Mon Jan 30, 2017 11:08 am 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 8801
Added a note in the "Site description" and set this topic as "Global"


Top
   
PostPosted: Thu Feb 02, 2017 5:03 pm 

Joined: Wed Aug 31, 2016 6:12 pm
Posts: 15
I agree, keep both options.


Top
   
PostPosted: Sun Jan 07, 2018 2:53 pm 

Joined: Tue May 30, 2017 1:10 am
Posts: 25
If SSL certificate expires, Firefox browser won't let you visit the website. I can't even visit that other site, xentax, right now, because they are too lazy to renew their SSL certificate. So, significant loss of web traffic if SSL certificate goes *poof*.


Top
   
PostPosted: Sun Jan 07, 2018 3:38 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 8801
That should not happen here on zenhax because certificates are automatically renewed.


Top
   
PostPosted: Fri Sep 14, 2018 5:29 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 8801
Now HTTPS is available on my website too: https://aluigi.altervista.org

HTTPS is useful only if you are going to download quickbms or other tools from untrusted connections (public wifi) and, exactly like on zenhax, both http and https are and will remain active without any "forced" https.

The only downside of enabling https is that it required to use cloudflare and consequently some parts of the website may not be 100% original, just small things like for example my email address on top of the page that is no longer visible without javascript ([email protected]).
Or maybe some files that are magically no longer available even if they are phisically on the server like http://aluigi.altervista.org/poc/chromerda.zip (mah?)

Anyway who cares, now https is there so you can use it if you need it.

https is available also on the https://aluigi.zenhax.com mirror but the certificate is the same of zenhax.com and the browser may annoy you.


Top
   
PostPosted: Sat Sep 15, 2018 12:18 am 
User avatar

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 100
Your file link for https://aluigi.altervista.org/poc/chromerda.zip returns a 403 (forbidden) code, so it looks to be a configuration issue on your server causing it to fail.

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here


Top
   
PostPosted: Sat Sep 15, 2018 2:59 am 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 8801
I removed and reuploaded the file and now it works correctly.
It was a mistery issue randomly found by mistake, it's perfectly possible that it gave the same error even before :)
Apparently cloudflare "hijacks" (in a non-negative sense) the html pages only.


Top
   
PostPosted: Sat Sep 15, 2018 9:58 pm 

Joined: Sat Sep 15, 2018 9:55 pm
Posts: 1
aluigi wrote:
I would like your opinion about:
  • leaving everything as is now, so it's up to the user to use the http or https website
  • forcing the https website
What you would prefer and suggest?

Nowadays it's common practice to force https if available making impossible for an user to use the "old" unencrypted connection, but personally I think that leaving both would be better so the forum will be ever accessible in case of problems (old web browser or port 443 unreachable or problems on the https service).

i agreed with both of you thanks....


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 11 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited