XMailforum is a readonly knowledge archive now.

Registering as a new user or answering posts is not possible anymore.

Might the force be with you, to find here what you are looking for.

2019-09-20 - hschneider, Admin

Cookie Disclaimer: This forum uses only essential, anonymous session cookies (xmailforum*), nothing to be scared of.

XMail Forum [Powered by Invision Power Board]
Printable Version of Topic
Click here to view this topic in its original format
XMail Forum > Announcements > Xmail Forum In SSL Mode


Posted by: atomant May 20 2005, 05:12 PM
Hi!

I have setup Xmail Forum to run in SSL mode only with self-signed certificate. This is a small step to secure forum from possible attacks or password steel.

Posted by: nvandijk May 20 2005, 11:55 PM
Hi,

Is it realy needed to run in SSL mode ?
Don't know about other people but I get on every forum post
I click on a warning. Realy not do-able to keep clicking the Yes
button on every item.

Warning message is:

This page contains both secure and nonsecure items.
Do you want to display the nonsecure items.

I think it is the site meter at the upper right corner that I keep getting these warnings about. but those are verry anoying..


Posted by: pierre-oord May 21 2005, 10:50 AM
QUOTE (nvandijk @ May 20 2005, 11:55 PM)
Hi,

Is it realy needed to run in SSL mode ?
Don't know about other people but I get on every forum post
I click on a warning. Realy not do-able to keep clicking the Yes
button on every item.

Warning message is:

This page contains both secure and nonsecure items.
Do you want to display the nonsecure items.

I think it is the site meter at the upper right corner that I keep getting these warnings about. but those are verry anoying..

Indeed they are, I can't find any option in IE to disable the warning message. I think it's indeed the visitor-counter. Maybe run something like webalizer for the stats?

Posted by: atomant May 21 2005, 02:40 PM
Yes, it is a counter. I use Mozilla so I can disable these kind of warnings.

Posted by: dario May 21 2005, 09:23 PM
To disable this in IE:
  • Open the Tools Menu and select Internet Options
  • Click the Security tab
  • Click Custom Level
  • Near to the end of the list you'll find *Display Mixed Content*
  • Click Enable

Posted by: hschneider May 22 2005, 12:10 AM
I think we should offer both SSL and none-SSL. There are still alot of IE users out there. Experience shows that users don't adapt their browsers, they just keep away from a site wich produces permanent popups ...

Posted by: atomant May 22 2005, 08:41 AM
Well this is not possible due to the settings in the forum so you can use non SSL or SSL but not both so I choose SSL. For other users who still use IE - maybe it is a time to test drive Mozilla Firefox. image007.gif

Posted by: jobber_jobber May 22 2005, 11:24 AM
confused.gif The warning in IE is there fore a very good reason, and shouldn't just be disabled because one of your favourite websites begins to irritate during use.

I do use Firefox, at home, but in the office, I can't just install anything on the PC and am forced to use IE.

Some consideration is needed to make a site useable and appealing, and as hschneider says, people will move away because of the irritation.

I am minded to question what value the sitemeter has, once a forum becomes popular, we all know it gets lots of visitors. Either that or perhaps you could implement your own counter, from the same SSL secured site?

Regards,

Jobber

Posted by: hschneider May 22 2005, 01:26 PM
The counter can be neglected - we should delete it.

It's more important to get new users. If we make the forum uncomfortable we will loose users and get less new ones.

I would also kick a forum that wants me to install a new browser ...

Security is surely a good thing, but it should not play a bigger role than comfort in a forum's context. It's up to the users to use other passwords than they have for their banking account. So with a hacked password no more damage than posting crap can be done ....




Posted by: atomant May 22 2005, 02:45 PM
Then BYE,BYE counter tongue.gif
You have just been erased cool.gif

Posted by: hschneider May 22 2005, 04:07 PM
Thanks master ! master.gif

Posted by: jobber_jobber May 22 2005, 06:20 PM
Sasa - thank you - much better smile.gif

I'm still getting the warning message box though, and I think it might have something to do with this image - http://xmail.marketmix.com/shared/xhead.gif

Harald - there is no easy way of putting this, but it seems it's the icon you have in all your postings confused.gif

Is there a way that these personal icons can be sourced from the same SSL secured site?

Kind regards,

Jobber

Posted by: hschneider May 22 2005, 06:42 PM
Oops ... done!

Posted by: jobber_jobber May 22 2005, 07:09 PM
Excellent - thanks Harald - this thread is now working like a dream again, not checked others yet!

Posted by: hschneider May 29 2005, 08:20 AM
To all users who host their own avatar images: Please edit your profile and upload them to the forum server !

Posted by: romee Jun 3 2005, 09:33 AM
Hi!
I appreciate the SSL for forum, but:
Is it necessary to use nonstandard port? In work, I've no problem with 20443, but at campus I have permission to access only standards port - so 20443 is blocked for me.
I'm just curious, this si not so important to me, but maybe some other users would have similar problem.

Posted by: atomant Jun 3 2005, 07:10 PM
This is because I have several domain names on one IP and several SSL web pages which use different certificate. If I would use only the standard port then I can't use different certificate for different websites. For more info check on apache website.

Posted by: pierre-oord Jun 7 2005, 04:08 PM
QUOTE (atomant @ Jun 3 2005, 07:10 PM)
This is because I have several domain names on one IP and several SSL web pages which use different certificate. If I would use only the standard port then I can't use different certificate for different websites. For more info check on apache website.

2 Things I can help fixing:

1) Why not both SSL and non-ssl? If you just use apache, there is no need to change forum settings I think, or are all http and https addresses hardcoded in the forum?

2) If not used as download mirrow, I can offer you free hosting on a 100mbit line, servers specs: Athlon 64 3200+, 1GB RAM, Mirroring SATA RAID1, located in Rotterdam, The Netherlands, Datacenter We-Dare. I've got an /25 range of IP's, this forum can have a dedicated IP for SSL. If you are interrested, please send me an email.

Posted by: atomant Jun 7 2005, 05:13 PM
1.) Yes, all the http and https links are hardcoded

2.) I have sent you an email

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)