Large format photography forum

lecarp · Apr 2, 2018

I just noticed a warning when preparing to log onto the LLF that the site is not secure, did not put in my password. Anyone noticed this or have information about the problem?

p.s. I am on a Mac.

faberryman · Apr 2, 2018

No problem here.

Doremus Scudder · Apr 2, 2018

Firefox and other browsers will let you know that this site is not secure for log-in. If you are concerned about a password being stolen and used elsewhere, then you need to have a password specifically for this site. Then, if it's stolen, they'll only be able to access your Photrio account. That's what I've done.

Maybe one of the moderators will post here with more specific information.

Best,

Doremus

mrosenlof · Apr 2, 2018

I'm pretty sure that LFF hasn't actually changed, it's just that newer browsers are pointing out more clearly when web pages are not secure.

I tried to load Dead Link Removed and got a certificate invalid warning, so I'm guessing the LFF admins haven't really made an effort to configure for secure connections.

probably best to use a password there that you don't also use on more important sites...

ced · Apr 2, 2018

Yep same here with FFox browser on Mac one is confronted with see attached.

Oren Grad · Apr 2, 2018

We had a discussion on this about a year ago in our Feedback subforum. As our technical guru, Tom Westbrook, pointed out at the time, an SSL certificate would be a recurring cost for us, and as a non-commercial site we are running on donated resources and time and have no regular income stream. I'll add that it would be another item for Tom to deal with. We may get to it at some point, but we cannot promise whether or when.

In any case it is not good practice to use the same password across different websites.

Old-N-Feeble · Apr 2, 2018

I can only guess that their certificate has expired. MS (or whoever?) wants more $.

Sean · Apr 3, 2018

Oren Grad said:
an SSL certificate would be a recurring cost for us,

Well $5-10 per yr if you go the cheap route, which would probably be fine. I'm glad we're on ssl now (APUG wasn't).

shashinzukuri · Apr 3, 2018

Oren - https://letsencrypt.org/

There's really no good reason not to encrypt anything that requires a signin.

locutus · Apr 3, 2018

Agreed, letsencrypt is fine for something like LFF. Its free but requires a certificate update every year.

Nowadays all the big browsers have the letsencrypt root CA in their bundle so this is completely hasslefree for the enduser too.

Oren Grad · Apr 3, 2018

shashinzukuri said:
Oren - https://letsencrypt.org/

There's really no good reason not to encrypt anything that requires a signin.

Thanks, I will bring this up for discussion.

Everyone: if you would like to convey that this is an ongoing concern and to make suggestions for how to address it, please feel free to raise it again as a topic in our Feedback subforum. We appreciate Sean's willingness to host the occasional question about us when there's an issue as to whether we are properly up and running, but beyond that let's not impose on his resources for detailed discussion of issues that are specific to LFPF. Also, I don't always have time to check in over here - posting us directly will assure that we are aware of any concerns as soon as possible.

MattKing · Dec 30, 2021

I'm closing this thread - there is a similar more recent (late December 2021) one in the sub-forum.

Large format photography forum

lecarp

faberryman

Doremus Scudder

mrosenlof

ced

Oren Grad

Old-N-Feeble

Sean

Admin

shashinzukuri

locutus

Oren Grad

MattKing

Moderator

Large format photography forum

Admin

Moderator

Privacy & Transparency

Privacy & Transparency