Calguns.net  

  #1  
Old 01-20-2022, 7:45 PM
Fizz Fizz is offline
Senior Member
 
Join Date: Feb 2012
Location: San Diego
Posts: 1,473
iTrader: 18 / 100%
Can we PLEAAASEEE fix the SSL issues?

I log in via the HTTPS version of the site; inevitably I click a link (like the "Home" button) which goes to the http version of the site. My login cookie is no longer valid. The same goes for in-thread links to the non-https version of the site. Oddly, the Home button goes to http:// but other top bar links go to https:// properly.

Those that don't know better will be prompted to log in again, and potentially reveal their login or subject themselves to cookie-jacking.

Apache has no problem directing all non-https requests to https if so configured. This would prevent any database-side work to replace all links, but still make the site navigable.

This is IMO a rather serious security concern. If you log into the non-HTTPS version of the site your username and password are sent plain-text. While the login is hashed, it's pretty trivial these days to crack. This means that any intermediary network provider could compromise a calguns member account, and access their respective PMs, posts that are not public, reveal address/phone information that was sent in PMs, payment addresses, etc.

Can we get Apache configured properly, pretty please?
Reply With Quote
  #2  
Old 01-20-2022, 7:49 PM
TKM TKM is offline
Bring back the Lions.
CGN Contributor
 
Join Date: Jul 2002
Location: California's 3A Sanctuary City
Posts: 10,248
iTrader: 74 / 100%
Default

Feel free to contribute.
__________________
Real G's move in silence like lasagna
Reply With Quote
  #3  
Old 01-20-2022, 8:05 PM
Fizz Fizz is offline
Senior Member
 
Join Date: Feb 2012
Location: San Diego
Posts: 1,473
iTrader: 18 / 100%
Default

Quote:
Originally Posted by TKM View Post
Feel free to contribute.
If you want to give me shell access to the AWS Instance, sure.

I don't know if apache is configured as a virtual host or we're using .htaccess to control redirection.

Also changes slightly based on the host OS, etc.

Basically, I'd love to just send you a list of instructions, but I can't do that without somewhat privileged information.
Reply With Quote
  #4  
Old 01-21-2022, 7:13 AM
psssniper psssniper is offline
Love God Love People
CGN Contributor
 
Join Date: Oct 2005
Location: Corsicana/San Clemente
Posts: 3,046
iTrader: 196 / 100%
Default

https://www.calguns.net/calgunforum/payments.php
__________________
"I do not love the bright sword for its sharpness, nor the arrow for its swiftness; I love only that which they defend.
victus exaro somniculosus, somnus exaro ieiunium
Reply With Quote
  #5  
Old 01-21-2022, 11:13 AM
Fizz Fizz is offline
Senior Member
 
Join Date: Feb 2012
Location: San Diego
Posts: 1,473
iTrader: 18 / 100%
Default

Quote:
Originally Posted by psssniper View Post
What are you getting at? The solution is free. It's 100% configuration. There's nothing to buy or additional hosting costs.
Reply With Quote
  #6  
Old 01-21-2022, 11:33 AM
SilveradoColt21 SilveradoColt21 is online now
CGN/CGSSA Contributor - Lifetime
CGN Contributor
 
Join Date: Sep 2021
Location: East Bay
Posts: 2,419
iTrader: 14 / 100%
Default

Quote:
Originally Posted by Fizz View Post
What are you getting at? The solution is free. It's 100% configuration. There's nothing to buy or additional hosting costs.
It's only 29 bucks a year though, helps support the cause.
Reply With Quote
  #7  
Old 01-21-2022, 9:33 PM
psssniper psssniper is offline
Love God Love People
CGN Contributor
 
Join Date: Oct 2005
Location: Corsicana/San Clemente
Posts: 3,046
iTrader: 196 / 100%
Default

Fizz, if you look at everyone that has replied so far, their names are in gold and under their name it says contributor.

That’s what we’re getting at.
__________________
"I do not love the bright sword for its sharpness, nor the arrow for its swiftness; I love only that which they defend.
victus exaro somniculosus, somnus exaro ieiunium
Reply With Quote
  #8  
Old 01-21-2022, 9:58 PM
enegue enegue is offline
Senior Member
 
Join Date: Apr 2006
Location: Culver City, CA
Posts: 863
iTrader: 7 / 100%
Default

Quote:
Originally Posted by SilveradoColt21 View Post
It's only 29 bucks a year though, helps support the cause.
He just offered to fix it for free. That would cost way more than $29 for a consultant.
Reply With Quote
  #9  
Old 01-22-2022, 7:34 AM
techbill techbill is offline
CGN/CGSSA Contributor
CGN Contributor
 
Join Date: Feb 2012
Location: Vacaville, CA
Posts: 82
iTrader: 1 / 100%
Default

It is a simple Apache config and should be done. Force everything to be HTTPS only. I'm not sure who manages the software part for the message board, but I do wonder if there is an update to set the HSTS flag to true as well.
__________________

Application submitted: 1/3/22
Appointment: 2/3/22
Live Scan : 2/3/22
Proceed to Training: 5/31/22
Training Completed: 7/9/22
Document Uploaded: 7/10/22
CCW approved: 7/20/22
CCW picked up: 7/27/22
Utah Non-Res CCW 8/31/22
Reply With Quote
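The HTTPS-only redirect and HSTS header raised in the posts above, as an added example that is not part of the thread or the site's real configuration. The hostname `www.example.org` and the certificate paths are placeholders, and both the virtual-host and `.htaccess` variants are shown because the thread does not say which one the server uses.

```apache
# ---- Variant A: virtual-host configuration (needs access to the server config) ----

# Port 80 serves no content at all; every request is sent to the HTTPS origin.
# "Redirect" is a prefix match, so /forum/thread.php?t=1 keeps its path and query.
<VirtualHost *:80>
    ServerName  www.example.org
    ServerAlias example.org
    Redirect permanent / https://www.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName  www.example.org
    SSLEngine on
    SSLCertificateFile    /path/to/fullchain.pem    # placeholder path
    SSLCertificateKeyFile /path/to/privkey.pem      # placeholder path

    # HSTS (requires mod_headers). The redirect above still lets the first
    # request travel in plain text; once a browser has seen this header it
    # rewrites http:// links to https:// itself for max-age seconds.
    # Start with a short max-age while testing, then raise it.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

# ---- Variant B: .htaccess in the document root ----
# Use only when the vhost config is out of reach. Requires mod_rewrite and
# an AllowOverride setting that permits FileInfo in this directory.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # %{HTTPS} is "off" for plain-HTTP requests handled by this server.
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
```

If TLS is terminated at a load balancer in front of Apache, `%{HTTPS}` is always `off` at the backend and Variant B loops; the redirect then belongs on the balancer or must key off the forwarded-protocol header it sets.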
  #10  
Old 01-23-2022, 7:32 AM
J6P J6P is offline
CGN/CGSSA Contributor - Lifetime
CGN Contributor - Lifetime
 
Join Date: Nov 2008
Location: Orange County
Posts: 258
iTrader: 26 / 100%
Default

What's the difference between the Home button and the button immediately below it (calguns net)? Other than one is http & the other is https, what else is different?
__________________
Quote:
Originally Posted by bigdawg86 View Post
use wolf ammo and after 5 rounds you wont see the rust anyways!
Reply With Quote
  #11  
Old 01-23-2022, 9:54 AM
Fizz Fizz is offline
Senior Member
 
Join Date: Feb 2012
Location: San Diego
Posts: 1,473
iTrader: 18 / 100%
Default

Quote:
Originally Posted by J6P View Post
What's the difference between the Home button and the button immediately below it (calguns net)? Other than one is http & the other is https, what else is different?
Exactly as you state.

The problem isn't limited to the home button. It's a general issue where navigating to any link that's the opposite of what you logged into (http/https) will effectively halt site nav.

The site should simply force everyone to use SSL only for all links to calguns, even if a link doesn't have https in it. It will increase security for all members and fix the navigation issue.
Reply With Quote
All times are GMT -8. The time now is 4:18 PM.