#11
06-09-2014, 06:57 PM
Dave
Join Date: May 2010
Posts: 2,583

Quote:
Originally Posted by CAG CheechDogg
From what I understand, only those elements which are not on https are not encrypted, everything else that is behind https is .. unless you have actual documentation that what you are saying is true the purpose of having "your" content or elements behind https is for just that, to encrypt that which is behind https...

It's highly unlikely that someone will perform a MITM attack with mixed content, but it is possible. I'm talking about external resources though (resources which are not hosted on the current domain).

http://www.troyhunt.com/2013/06/unde...d-content.html
https://support.google.com/chrome/answer/1342714?hl=en
https://community.qualys.com/blogs/s...y-to-break-ssl
http://webmasters.stackexchange.com/...-https-session
http://www.securitee.org/files/mixedinc_isc2013.pdf

#12
06-09-2014, 08:05 PM
CAG CheechDogg
Join Date: Feb 2012
Location: Riverside, California USA
Posts: 1,080

Correct, but even images hosted on external domains behind only http don't do any harm, they are categorized as passive and all browsers do that, correct?

Browsers warn you that there is mixed content when you have content coming from outside non https hosted domains, that is just warning the users that downloading certain content may be dangerous but it's not necessarily dangerous which is the case with images.

So only those elements which are not behind http can pose a threat or be unencrypted ... that is how I understand it works.

Quote:
Today, almost all major browsers tend to break mixed content into two categories: passive for images, videos, and sound; and active for more dangerous resources, such as scripts. They tend to allow passive mixed content by default, but reject active content. This is clearly a compromise between breaking the Web and reasonable security.

#13
06-10-2014, 06:31 AM
Zachery
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440

Quote:
Originally Posted by CAG CheechDogg
Correct, but even images hosted on external domains behind only http don't do any harm, they are categorized as passive and all browsers do that, correct?

Browsers warn you that there is mixed content when you have content coming from outside non https hosted domains, that is just warning the users that downloading certain content may be dangerous but it's not necessarily dangerous which is the case with images.

So only those elements which are not behind http can pose a threat or be unencrypted ... that is how I understand it works.

Browsers with good security will block it from being loaded, until you give it the okay to be. That would be Firefox/IE. Not sure if Chrome does that yet.

#14
06-10-2014, 07:04 AM
CAG CheechDogg
Join Date: Feb 2012
Location: Riverside, California USA
Posts: 1,080

On my site no browser blocks images behind just http, any scripts yes, especially iframes, but images always load up without having to give the ok ... that's on all the browsers ...

#15
06-22-2014, 12:15 AM
thetechgenius
Join Date: Jun 2014
Posts: 258
My entire vBulletin 4 forum is running through SSL/HTTPS, and it runs perfectly fine. I even installed some Optimized Addons to make the pages load faster.

I haven't had any problems at all with running my forum on HTTPS.

Yeah, if someone posts an image from a site using HTTP with the Image BBCode, there will be a tiny little Yellow sign (Chrome) in your browser on top of the Padlock. But no one sees a Security Warning or anything like that. Honestly, you wouldn't even know about the Tiny Yellow Sign if you weren't looking for it, because it really isn't a big deal. If it was a big deal, the user will see a Big Security Warning before he or she enters the page.

But like I said, running SSL with vBulletin is fine. It runs really, really well. I have even set up my web.config (Windows Server 2008R2) to redirect users to HTTPS. So if they type in "mysite.com" in their address bar, it would redirect them to https://mysite.com.

I set up a Test Thread on my site, and I posted an image from tinypic.com that uses HTTP and not HTTPS.

Check it out for yourself:
https://thetechgenius.net/threads/4-Test-Thread
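
The passive/active split discussed in the posts above can be checked against a forum's own rendered HTML. The following is an added example, not code from any poster or from vBulletin: a Python audit that lists http:// subresources on an https page and labels them passive or active. The tag lists, the `SAMPLE` page and the example.* hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that fetch a subresource (illustrative, not exhaustive).
PASSIVE = {("img", "src"), ("video", "src"), ("audio", "src"), ("source", "src")}
ACTIVE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}

# Constructed sample: a thread page with a user-posted image and a widget script.
SAMPLE = """
<link rel="stylesheet" href="/css/main.css">
<script src="http://cdn.example.net/widget.js"></script>
<img src="http://img.example.org/cat.jpg">
<img src="//static.example.com/logo.png">
<a href="http://example.org/">plain link</a>
"""


class MixedContentAudit(HTMLParser):
    """Collect http:// subresources referenced by a page served over https."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (category, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower().split()
        for name, value in attrs.items():
            if (tag, name) in PASSIVE:
                category = "passive"
            elif (tag, name) in ACTIVE or (
                    (tag, name) == ("link", "href") and "stylesheet" in rel):
                category = "active"  # a stylesheet can restyle the whole page
            else:
                continue  # e.g. <a href> is navigation, not a subresource
            # Resolve relative and protocol-relative URLs against the page URL.
            resolved = urljoin(self.page_url, (value or "").strip())
            if urlsplit(resolved).scheme == "http":
                self.findings.append((category, tag, resolved))


def audit(html, page_url):
    """Return mixed-content findings; only an https page can have any."""
    if urlsplit(page_url).scheme != "https":
        return []
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    return parser.findings
```

Run against the sample, the protocol-relative image and the plain link are not reported, because neither is fetched over http as a subresource of the https page.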

#16
06-23-2014, 02:15 AM
webmastersun
Join Date: Oct 2013
Location: www.webmastersun.com
Posts: 433

Quote:
Originally Posted by IndigoSociety
How would I convert my forum to run on HTTPS instead of HTTP?

Does vBulletin support this mainly out of the box? I can't find anything on this besides a "hacky" vbulletin.com forum post.

Using htaccess will be a good way to do this; do some research for information.