GBAtemp not secure in the threads.

Discussion in 'Site Discussions & Suggestions' started by comput3rus3r, May 16, 2018.

  1. comput3rus3r
    OP

    comput3rus3r GBAtemp Maniac

    Member
    7
    Aug 20, 2016
    United States
    The main page is secure as well as the threads list but when you go on an individual thread is not secure anymore. Anybody know why this is happening?

    The first screenshot shows me posting this and it's secure.
    The second one is inside a nintendo switch thread and then it's not secure.

    Seems like once you go 3 levels deep it's not secure anymore. is this normal? not secure.png secure.jpg
     
    Quantumcat likes this.
  2. Scarlet

    Scarlet Self-Inflicted Achromatic

    pip Contributor
    11
    GBAtemp Patron
    Scarlet is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    Jan 7, 2015
    United Kingdom
    Middleish North-Left
    I believe this is because of users with externally hosted images. Usually in posts or images.
     
    SomeGamer likes this.
  3. comput3rus3r
    OP

    comput3rus3r GBAtemp Maniac

    Member
    7
    Aug 20, 2016
    United States
    so what does it mean it's not secured?
     
  4. SomeGamer

    SomeGamer GBAtemp Guru

    Member
    10
    Dec 19, 2014
    Antarctica
    You shouldn't type your credit card number on the images.
     
  5. Seriel

    Seriel Always watching, always waiting..

    Member
    10
    Aug 18, 2015
    United Kingdom
    Wales, UK
    This is usually caused by user signatures having raw http images in them, however I did a quick network log on Firefox of this thread, and apparently the following URL relating to a Patreom image is not secured:
    http://gbatemp.net/styles/ts2/misc/patreon_logo_trans.png
    This might want to be looked at by the staff if you're interested in ensuring most pages have full encryption (Not that it matters either way since login details are not sent through that image). But it's interesting to note that just having a Patron in a thread causes this to happen.

    Honestly, not much.
    More technically speaking, it means that all the traffic that is causing this to happen (Usually images) is not encrypted and can be viewed by anyone who has access (Usually just your router and ISP) or anyone snooping on your connection if you're the victim of a MITM attack (Which i doubt you are).
    So if anyone is spying on your traffic they can see the raw data of those specific signature images (Or in this case a patreon badge lol), but not the thread contents. As long as the address bar says https on it, your login and details etc are safe.
     
    Last edited by Seriel, May 16, 2018
    Issac likes this.
  6. SomeGamer

    SomeGamer GBAtemp Guru

    Member
    10
    Dec 19, 2014
    Antarctica
  7. Seriel

    Seriel Always watching, always waiting..

    Member
    10
    Aug 18, 2015
    United Kingdom
    Wales, UK
    Yeah it does when you access it directly, but not when loaded as part of a page:
    [​IMG]
     
    SomeGamer likes this.
  8. Veho

    Veho The man who cried "Ni".

    Former Staff
    16
    Apr 4, 2006
    Croatia
    Zagreb
    It means the image links are not covered / encrypted by the SSL certificate that the locally-hosted content is.
     
    T-hug likes this.
  9. Seriel

    Seriel Always watching, always waiting..

    Member
    10
    Aug 18, 2015
    United Kingdom
    Wales, UK
    I dont want it to sound like I'm obsessing over this too much, but in the case of a lot of threads, its simply the Patreon badge that isnt encrypted thats causing this to happen. A lot of signature images and external images are usually https, although there are exceptions. But it doesn't help that every thread with a Patron posting in it causes this to crop up.
     
  10. comput3rus3r
    OP

    comput3rus3r GBAtemp Maniac

    Member
    7
    Aug 20, 2016
    United States
    it is very annoying tbh
     
    Seriel likes this.
  11. Costello

    Costello Headmaster

    Administrator
    18
    Oct 24, 2002
    thanks, the link has been fixed in the CSS :)
     
    comput3rus3r, T-hug and Seriel like this.
  12. Seriel

    Seriel Always watching, always waiting..

    Member
    10
    Aug 18, 2015
    United Kingdom
    Wales, UK
    Sweet, that made this thread and a fair chunk others fully secure.
    I did a quick look around various threads out of curiosity, and managed to find "http://gbatemp.net/styles/ts2/misc/gloss.png". I have no idea where its called, but it is referenced over raw http like the patron one. (And interestingly doesnt redirect me to https when accessed directly, although the hyperlink here does.)
    Other than that it's just misc things on people's signatures, which isn't the fault of gbatemp at all.
    Warning: Spoilers inside!
     
    Last edited by Seriel, May 17, 2018
  13. Costello

    Costello Headmaster

    Administrator
    18
    Oct 24, 2002
    thanks Seriel that's fixed as well now.
     
    Seriel likes this.
  14. Seriel

    Seriel Always watching, always waiting..

    Member
    10
    Aug 18, 2015
    United Kingdom
    Wales, UK
    Ahah, thanks for looking at these for me. That should sort out most of the complaints of threads not being fully secure :sleep:
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice