Under Review https - SSL login / https - SSL sessions for public wifi

Discussion in 'Feedback/Support/Suggestions' started by GoneFlying, Mar 26, 2011.  |  Print Topic

  1. GoneFlying
    Original Member

    GoneFlying Silver Member

    Messages:
    39
    Likes Received:
    75
    Status Points:
    230
    I did a search and saw a thread / poll in the beta subforum where I could not post, but I would like to see an https (SSL) option for MP.

    Many of us who travel use public WiFi networks from time to time - with http, everything you transmit & receive, including passwords, could easily be picked up. Many sites from wikipedia to facebook have added https support, not only for the login, but for most to all of the session. Even my google searches are done with SSL.

    I would love to see SSL on MP -- would be a huge plus for security.

    FWIW, I am on a public network in Costa Rica at the moment and use a firefox plugin called https always - this enables / forces use of https / ssl encryption on sites that support it.

    GoneFlying
     
    rehoult and _kurt like this.
  2. Tim
    Original Member

    Tim Admin

    Messages:
    445
    Likes Received:
    428
    Status Points:
    525
    Thanks for the suggestion GoneFlying, I have added this to our in progress update to the master list (we are currently changing it to reflect some recent changes/decisions).
     
    rehoult likes this.
  3. viguera
    Original Member

    viguera Gold Member

    Messages:
    4,737
    Likes Received:
    6,913
    Status Points:
    4,745
    If you use firefox I'd suggest using the Blacksheep extension as well whenever on public WiFi to make sure nobody is attempting HTTP session hijacking via Firesheep.
     
    rehoult and Tim like this.
  4. unavaca
    Original Member

    unavaca Gold Member

    Messages:
    8,547
    Likes Received:
    11,224
    Status Points:
    14,495
    Bump. Any progress on this? Amazon has had HTTPS support on ELBs since late 2010 -- would love to see the whole site go HTTPS, even on an opt-in basis.
     
  5. unavaca
    Original Member

    unavaca Gold Member

    Messages:
    8,547
    Likes Received:
    11,224
    Status Points:
    14,495
    Bump. Still interested in site-wide SSL.
     
    rehoult, eponymous_coward and viguera like this.
  6. Jaimito Cartero
    Original Member

    Jaimito Cartero Silver Member

    Messages:
    595
    Likes Received:
    848
    Status Points:
    770
    Mooooo, me too.
     
    rehoult, unavaca and eponymous_coward like this.
  7. eponymous_coward
    Original Member

    eponymous_coward Gold Member

    Messages:
    1,901
    Likes Received:
    2,971
    Status Points:
    1,470
    Me three.
     
    rehoult and unavaca like this.
  8. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,503
    Likes Received:
    20,197
    Status Points:
    16,520
  9. unavaca
    Original Member

    unavaca Gold Member

    Messages:
    8,547
    Likes Received:
    11,224
    Status Points:
    14,495
    Q3 bump :rolleyes:
     
    rehoult and eponymous_coward like this.
  10. havequick99

    havequick99 Active Member

    Messages:
    8
    Likes Received:
    4
    Status Points:
    90
    Keeping this one going - I'd like to see SSL for at least the login. Please?
     
    rehoult likes this.
  11. Sammich

    Sammich Gold Member

    Messages:
    5,644
    Likes Received:
    22,439
    Status Points:
    11,025
    In the mean time you guys can use VPN on public networks.
     
    rehoult likes this.
  12. Randy Petersen
    Original Member

    Randy Petersen Founder

    Messages:
    2,731
    Likes Received:
    15,136
    Status Points:
    10,520
    looked into it. Not altogether that major of a change other than a lot of backend work on some redirects especially in the bb code media sites such as YouTube. Might be a few challenges with some browsers as we understand that there are instances that block any active content requested via http from an https page. Old caches, etc. Not a priority right now as we add in a few more features over the best few weeks but we have no objection to it and it likely makes it easier overall on Milepoint as we work toward extending Premium Membership and other offers. Of course it makes sense when we think about how we are integrating Bitcoin payment into a few things as well (winky, winky).

    Appreciate the interest/guidance and again, no real objections here—just timing and really good due diligence on potential snags. If we do it, we'd be the first ...
     
    havequick99 and rehoult like this.
  13. rehoult
    Original Member

    rehoult Gold Member

    Messages:
    595
    Likes Received:
    1,890
    Status Points:
    1,020
    Thanks for the update Randy. Would love to see this happen.
     
  14. Randy Petersen
    Original Member

    Randy Petersen Founder

    Messages:
    2,731
    Likes Received:
    15,136
    Status Points:
    10,520
  15. unavaca
    Original Member

    unavaca Gold Member

    Messages:
    8,547
    Likes Received:
    11,224
    Status Points:
    14,495
    Woohoo!
     
    eponymous_coward likes this.
  16. Rob
    Original Member

    Rob Gold Member

    Messages:
    10,387
    Likes Received:
    14,165
    Status Points:
    16,520
    Also woohoo!
    One slight bug though is that things like embedded youtube videos don't show up in Chrome because they're still referenced as http:// resources and Chrome doesn't like mixed-mode resources. One way around this is to just use protocol relative urls (http://www.paulirish.com/2010/the-protocol-relative-url/).
     
    unavaca and Mark like this.
  17. unavaca
    Original Member

    unavaca Gold Member

    Messages:
    8,547
    Likes Received:
    11,224
    Status Points:
    14,495
    Youtube videos are still broken :(
     
  18. blackjack-21

    blackjack-21 Gold Member

    Messages:
    1,437
    Likes Received:
    3,000
    Status Points:
    1,910
    I had been using http since last October when I first joined MP and all worked well. The other day when I noticed the more secure https way to get here I switched immediately to using that from my favorites list. But since then, using the secure signin, each page that I go to after signing in comes with a warning that the website has an unsigned, or insecure or outdated certificate. The warning arrives as a popup on the bottom of the page, and each time I accept the page anyway, it still appears as a warning on any succeeding page I visit. I think the warning may be from Microsoft as I'm using their browser, but it also may be from Norton. But it's too annoying to have to accept each page or thread on here, so I've gone back to the old http page to get to MP, as that one doesn't get the security warning popup for every page.
     
  19. Rob
    Original Member

    Rob Gold Member

    Messages:
    10,387
    Likes Received:
    14,165
    Status Points:
    16,520
    Youtube videos work :) Yay!
    Thanks for fixing them
     
  20. Sammich

    Sammich Gold Member

    Messages:
    5,644
    Likes Received:
    22,439
    Status Points:
    11,025
    I know most MP-er's don't rely on SSL for MilePoint sessions (myself included), but I noticed MP still has SSLv3 enabled with no support for newer TLS protocols. Just an FYI.
    VPN is still the safer bet now if you're accessing MP from a public AP.
     
  21. Mark
    Original Member

    Mark Admin Staff Member

    Messages:
    487
    Likes Received:
    1,019
    Status Points:
    795
    Hi @Sammich - was just informed that this was fixed about 5 minutes ago
     
    Sammich likes this.
  22. Sammich

    Sammich Gold Member

    Messages:
    5,644
    Likes Received:
    22,439
    Status Points:
    11,025
    Cheers Mark for the quick fix! :)
     
  23. Mark
    Original Member

    Mark Admin Staff Member

    Messages:
    487
    Likes Received:
    1,019
    Status Points:
    795
    Putting this here so some of you get notifications. DO NOT use secure.milepoint.com right now - if you do you'll only be seeing old content.
     
    Sammich likes this.
  24. Mark
    Original Member

    Mark Admin Staff Member

    Messages:
    487
    Likes Received:
    1,019
    Status Points:
    795
    Sammich and Rob like this.
  25. Rob
    Original Member

    Rob Gold Member

    Messages:
    10,387
    Likes Received:
    14,165
    Status Points:
    16,520
    Sammich likes this.

Share This Page