Home ยป Forum ยป Bug Report and Feature Requests

Forum: Bug Report and Feature Requests

Storiesonline Security

erotistotle ๐Ÿšซ

Is there a problem with site security as site shows "not secure" for the last. 2 days? Is it a problem with site https or is it a problem on my end only?

Replies:   REP
Ernest Bywater ๐Ÿšซ

server and security certificate issues Lazeez is trying to find what the problem is and fix it.

erotistotle ๐Ÿšซ

Thank you for the reply, Ernest.

Replies:   Ernest Bywater
Ernest Bywater ๐Ÿšซ

@erotistotle

You're welcome. There's another thread in this sub-forum to do with the slow server responses that goes into more detail if you want it. Nearly 3 a.m. here and I'm too lazy to hunt it down right now.

Replies:   erotistotle
erotistotle ๐Ÿšซ

@Ernest Bywater

I'm confused and not the most tech savvy (an understatement) of SOL users. If this is the incorrect thread, I apologize in advance.
Problem: When Lazeez switched over to HTTPS, I login to an HTTPS homepage. If I go to a story index page, that too is HTTPS. However, when I go to a chapter that page comes up as HTTP and showing not secure. If I hit the home page button, I go back to an HTTP homepage. I can, of course, edit the address of any HTTP page to HTTPS but chapter advance will go to an HTTP page. I'm sure this is not a critical problem, but I thought a HTTPS certificate would cover the whole site.
I checked Finestories, and the problem doesn't seem to appear there. If this is just a matter of my tech ignorance, it would not be surprising and thank you for your tolerance.

Replies:   Ernest Bywater
Ernest Bywater ๐Ÿšซ

@erotistotle

I'm confused and not the most tech savvy

Don't worry, the current situation is messed up and confusing all the way round. In the past the site was all http, then due to problem caused by a certain major company wishing to run the entire web he was basically forced to switch the site to https with a security certificate for the whole site. Things worked well for a few years, but a couple of months back there started to be significant issues with the security certificate recognition. Lazeez tried different security certificates but that didn't solve the issue. To help the members access the stories he then set the system up to allow the use of http and https (I don't know how he did that) and while it didn't solve the underlying issue it did improve access for members while he went about trying to solve the real problem. I don't know if it's be fixed or not, but the key thing is Lazeez has it working so members can read stories. I'm pretty sure that the log in page is the only definite https at the moment, but I could be wrong.

Replies:   erotistotle
erotistotle ๐Ÿšซ

@Ernest Bywater

Thank you again, Ernest, for the explanation of the difficulties facing Lazeez. I'm simply prone to thinking I've messed up somehow or, as in this case, not understanding the problem.

Replies:   Ernest Bywater
Ernest Bywater ๐Ÿšซ

@erotistotle

You're welcome, I try to help, but I'm not yet a certified marksman.

Replies:   StarFleet Carl
StarFleet Carl ๐Ÿšซ

@Ernest Bywater

I'm not yet a certified marksman.

You never got any qualification badges? For those of us who weren't Marines, we got those. Of course, simply being able to wear the globe and anchor IS your qualification badge.

Also ...

certain major company wishing to run the entire web

Now, now - just because I listened to an interesting discussion about how THEIR search engine was producing massively biased results, while Bing and Yahoo weren't, doesn't mean anything. Honest. (Just in case they're checking.)

Replies:   Not_a_ID
Not_a_ID ๐Ÿšซ

@StarFleet Carl

You never got any qualification badges? For those of us who weren't Marines, we got those. Of course, simply being able to wear the globe and anchor IS your qualification badge.

I never picked up "a qualification medal," and by my 7th year in the service, I already had 4 rows of ribbons on my more formal uniforms. That was with all of 1 "personal award" in the form of the good conduct medal(x2), lol. Of course, I also had the ESWS to go with everything else as well. IF they bothered to update my service record, and I had to wear the dress uniform ever again, I should have most of a 5th row filled out now, thanks to more (retroactive) unit awards that happened after my service ended.

REP ๐Ÿšซ

@erotistotle

I always get a laugh when websites like MSN report that their site's security certificate, or the certificate of a site they host, is not valid.

It makes me wonder if the problem is with the certificate or the host's interpretation of the certificate. One would think that the website would have a valid certificate, and would require that the certificate of the sites they host be valid.

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ

@REP

It makes me wonder if the problem is with the certificate or the host's interpretation of the certificate. One would think that the website would have a valid certificate, and would require that the certificate of the sites they host be valid.

Having worked in IT for nearly four decades, you'd be surprised at how easy it is for that to happen. Admin needs a cert, uses credit card, submits reimbursement. Leaves. Card expires and nobody knows until the cert renewal happens and then it's a mad scramble to find the account, get access, change the payment method, and re-certify (if you have an EV Cert). Rinse and repeat every few years.

I always had policies in place to do my best to prevent it, but given that it nearly always requires a credit card, it's a recipe for expiration of the cert due to the expiration of the card and changing staff. Documentation helps, but then you have to actually pay attention to the documentation.

These days, for anything that doesn't require EV cert, you should just automate certs from the EFF's "Let's Encrypt" service using certbot. Set it up, fire and forget, with email status reminders and notifications. Of course, that means paying attention to the emails...

Replies:   REP
REP ๐Ÿšซ

@Michael Loucks

The message I got from MSN on several occasions within a 6 month period indicated the certificate was invalid. I've seen expired certificate messages also, so I doubt it had to do with the certificate expiring.

Replies:   Michael Loucks
Michael Loucks ๐Ÿšซ

@REP

Ah, OK. Then it could be OSCP which is pretty unreliable (it's supposed to verify the cert wasn't canceled).

doctor_wing_nut ๐Ÿšซ

I'm kind of surprised this issue has gone on so long, Lazeez is pretty good at this stuff.

Replies:   Switch Blayde
Switch Blayde ๐Ÿšซ

@doctor_wing_nut

I'm kind of surprised this issue has gone on so long, Lazeez is pretty good at this stuff.

He's still working on it. I gave him some feedback on Bookapy and he said it will have to wait because of the SOL thing.

Replies:   doctor_wing_nut
doctor_wing_nut ๐Ÿšซ

@Switch Blayde

He's still working on it

I'm sure he is, he's always been diligent and responsive when it comes to site issues. Hope he's not too frustrated.

Back to Top

 

WARNING! ADULT CONTENT...

Storiesonline is for adult entertainment only. By accessing this site you declare that you are of legal age and that you agree with our Terms of Service and Privacy Policy.


Log In