Security changes to ozfclass.com

For general announcements, and anything which does not fit into one of the categories below.

Moderator: Mod

Message
Author
AlanF
Posts: 7494
Joined: Wed Jun 15, 2005 8:22 pm
Location: Maffra, Vic

Security changes to ozfclass.com

#1 Postby AlanF » Thu Mar 16, 2017 7:31 pm

You may have had some disruption to your ozfclass.com login over the last few days. It has come about because a common browser (Firefox) has in a recent update become less tolerant of websites which ask for passwords and are not highly secure. Because of this, thanks to Graham, we have upgraded ozfclass to a higher security level. However anyone using an old link to access ozfclass.com (via http://ozfclass.com) will lose the ability to have their login remembered, and will need to enter their login name every time (i.e. the "Remember me" tick box won't work).

However this can be overcome by changing whatever link you use to "https://ozfclass.com/......." . The "s" after "http" takes you directly to the secure site, and things should work as before. For example I have a link on my Desktop:

"https://ozfclass.com/phpbb search.php?search_id=newposts"

This opens the forum with a list of all recent posts, and does not ask for a login because I have "Remember Me" ticked from my previous login.

If you need help with this, please ask on this thread so everyone gets the benefit.

Brad Y
Posts: 2181
Joined: Fri Jun 26, 2009 8:21 pm

Re: Security changes to ozfclass.com

#2 Postby Brad Y » Thu Mar 16, 2017 9:31 pm

Alan when will this take effect as I log in with the normal old address and it remembers my password fine. Using safari on iPad

GrahamW
Posts: 182
Joined: Sun Jul 25, 2010 9:43 pm
Location: Bathurst, NSW
Contact:

Re: Security changes to ozfclass.com

#3 Postby GrahamW » Thu Mar 16, 2017 9:50 pm

Brad Y wrote:Alan when will this take effect as I log in with the normal old address and it remembers my password fine. Using safari on iPad


It's in effect now Brad.

Does it not automagically change it from http to https?
It should.
But then if you connect via a non-secure bookmark it would (should) force a new login.

Some (older) iPads may have issues and not accept the SSL Certificate, if anyone comes across this the easiest thing to do is click the "Advanced" link and accept the connection as trusted.

8-)

GrahamW
Posts: 182
Joined: Sun Jul 25, 2010 9:43 pm
Location: Bathurst, NSW
Contact:

Re: Security changes to ozfclass.com

#4 Postby GrahamW » Thu Mar 16, 2017 9:54 pm

Just to elaborate on Alan's post a little......

While it was already intended to update to a properly secured connection for the site this has simply brought forward the need to do so.

This "should" have minimal, if any, effect on how you use the site. It simply means that your connection to the site is now secure & encrypted to prevent any malicious snooping/spoofing of your login details.

As far as your current Bookmarks go, the simplest thing to do is to edit the link and change "http://www.ozfclass.com" to "https://www.ozfclass.com".

For those that link directly to "New Posts" or "Unread Posts" etc. simply add the "s" to the "http" and all should work as per normal (after your initial login via https).

You can still login using your old bookmarks (http) and it will automatically change it to a secure (https) connection BUT it won't remember that login next time you go to the non-secure bookmark (http), it will remember your login if you go to the secure bookmark (https).

8-)

Brad Y
Posts: 2181
Joined: Fri Jun 26, 2009 8:21 pm

Re: Security changes to ozfclass.com

#5 Postby Brad Y » Thu Mar 16, 2017 10:17 pm

I manually just changed the bookmark as it didn't do it automatically. Seems the same. Didn't have to re enter the password or anything. Latest model iPad Air that I use for work- all up to date operating system. So long as I have access to the forum I'm happy.

ShaneG
Posts: 574
Joined: Fri Jun 15, 2012 2:25 pm
Location: Cairns

Re: Security changes to ozfclass.com

#6 Postby ShaneG » Thu Jun 01, 2017 8:38 am

I am continually having to log in twice to get onto the site?

AlanF
Posts: 7494
Joined: Wed Jun 15, 2005 8:22 pm
Location: Maffra, Vic

Re: Security changes to ozfclass.com

#7 Postby AlanF » Thu Jun 01, 2017 8:56 am

ShaneG wrote:I am continually having to log in twice to get onto the site?

Are you following the above instructions regarding "https" and clicking "Remember Me"?

Brad Y
Posts: 2181
Joined: Fri Jun 26, 2009 8:21 pm

Re: Security changes to ozfclass.com

#8 Postby Brad Y » Sat Jun 03, 2017 5:48 pm

Yes I'm still having to do it too and I changed my links. Using an iPad and safari. Not the end of the world if I have to log in occasionally but regularly is a little painful

GrahamW
Posts: 182
Joined: Sun Jul 25, 2010 9:43 pm
Location: Bathurst, NSW
Contact:

Re: Security changes to ozfclass.com

#9 Postby GrahamW » Sat Jun 03, 2017 7:03 pm

Brad Y wrote:Yes I'm still having to do it too and I changed my links. Using an iPad and safari. Not the end of the world if I have to log in occasionally but regularly is a little painful


I'll install Safari later to test it but doubt it'll be the same with a windows version anyway...

One thing to double check is that you have cookies enabled in the browser settings.

There's nothing unusual or out of the norm with the https setup, all very standard.

I'm not all that familiar with Safari but I have used it in the past when I had an iphone and don't recall anything quirky with it regarding https.


[EDIT] OK, just did a quick Google search... try some of the answers here --> safari not remembering logins with https

ger
Posts: 219
Joined: Mon Jun 04, 2007 8:12 pm

Re: Security changes to ozfclass.com

#10 Postby ger » Sun Jun 04, 2017 6:20 am

FireFox (latest version - 53 I think) and Chrome (on my android phone) also has this problem so I don't think it's browser related.

The https pages are also not fully encrypted so FF doesn't like that either. But I don't think this is the problem - I have no idea why it sometimes wants a double login and sometimes not. It doesn't seem to matter if cookies are enabled or not.

Geoff.

KHGS
Posts: 933
Joined: Thu Oct 20, 2005 12:46 am
Location: Cowra NSW

Re: Security changes to ozfclass.com

#11 Postby KHGS » Sun Jun 04, 2017 8:35 am

ger wrote:FireFox (latest version - 53 I think) and Chrome (on my android phone) also has this problem so I don't think it's browser related.

The https pages are also not fully encrypted so FF doesn't like that either. But I don't think this is the problem - I have no idea why it sometimes wants a double login and sometimes not. It doesn't seem to matter if cookies are enabled or not.

Geoff.


Thats how it is for me on Safari too, frustrating!!!!!!

GrahamW
Posts: 182
Joined: Sun Jul 25, 2010 9:43 pm
Location: Bathurst, NSW
Contact:

Re: Security changes to ozfclass.com

#12 Postby GrahamW » Mon Jun 05, 2017 11:27 am

ger wrote:FireFox (latest version - 53 I think) and Chrome (on my android phone) also has this problem so I don't think it's browser related.

The https pages are also not fully encrypted so FF doesn't like that either. But I don't think this is the problem - I have no idea why it sometimes wants a double login and sometimes not. It doesn't seem to matter if cookies are enabled or not.

Geoff.


Hi Geoff,
I think you'll find the only thing not encrypted is images.

The browsers I use (in order of preference) are...
Chrome, Comodo Dragon and Firefox on my PC, on my Windows Tablet I use Chrome and (occasionally) Edge, on my Android Tablet I use Chrome.

I'm able to stay logged in to Ozfclass on all these devices using any of these browsers.
Yes, Firefox gives a couple of minor warnings (This web site does not supply ownership information. Connection Partially Encrypted).
These are very minor things but I'll try to explain why we get them.

The SSL Certificate we use is supplied by Let’s Encrypt.
Let’s Encrypt is a free, automated, and open Certificate Authority who provide a free certificate that can be used for sites that basically only require minimal SSL connection/encryption, such as forums requiring login. Sites where there's no sensitive data (credit card, personal details, etc.) stored or requested (i.e. Ozfclass.com).
You can read more about Let’s Encrypt by clicking their link.

Here is their Browser Certificate Compatibility list.
Here are their FAQs which explains why some browsers give the "This web site does not supply ownership information" message.

We do not store, request or collect any sensitive data and it would be pointless paying $100 to $500 a year for an SSL Certificate simply to get Organization Validation and Image encryption that is not critical to provide sufficient security for our login details.


Honestly, I have no idea why some members are having issues with their browsers not remembering their logins and without being able to check individual settings in detail it's impossible to diagnose from here.

My suggestion would be to use Google and read how others have solved similar issues. The quick search I did earlier showed that it's not an isolated OR browser specific problem. I'm sure different search terms will give even more answers and I will be trying some as soon as I have time.


Note: I'm not suggesting that you don't post your problems in here, quite the opposite, I'm very interested in hearing from anyone having issues and would really like to hear from anyone that finds a solution to their particular problem.

Cheers,
8-)


Return to “General Forum”

Who is online

Users browsing this forum: No registered users and 7 guests