#2733872 05/03/18 02:56 PM
Joined: Mar 2018
Posts: 178
R
Full Member
OP Offline
Piano World is secure:

https://pianoworld.com


Piano World's forums are not secure:

http://forum.pianoworld.com


You can test this by copying and then pasting the following URL:

https://forum.pianoworld.com



Please make Piano World's forums secure.

Piano & Music Accessories
Joined: Jan 2018
Posts: 19
D
Junior Member
Offline
This issue deserves more attention. Many web hosting providers offer free auto-renewing certificates and easy set-up, so hopefully this won't be too difficult to add. You'll also want redirect rules so all http requests go to https, to prevent people from accidentally using the non-secure version of the site, and to redirect all permalinks.

Without this, anyone else connected to the same network as someone browsing the forums (such as connected to the same wifi in a coffee shop), as well as anyone with access to any intermediate system between the user and the forum's web host, can see:

* the forum user's username and password when they sign in, such that someone else can also sign in as the user
* the signed-in token sent with every page, such that someone else can impersonate the signed-in user (post, change the password, etc.)
* the address and contents of every page the user loads, and all activity such as posting, private messaging, or changing settings

Someone capable of interfering with network traffic, such as if the forum user accidentally connects to an attacker's wifi thinking it's the wifi of the coffee shop, can also replace content on pages loaded, such as to inject malware and other attacks.

The most likely of these attacks is password skimming, not because a Piano World forum account is that valuable, but because many people still use the same email address and password on more important sites. The attacker doesn't even have to be in the coffee shop: this is easy to do by compromising someone else's computer and turning it into a password skimmer. Do this in bulk and you have passwords coming in from all over the world.

The Google Chrome browser displays a warning for all non-secure pages, and Google's search engine demotes non-secure pages in search rankings. This is part of an industry-wide move to using HTTPS (SSL/TLS) for all websites.


Yamaha Clavinova CLP-685 • 36-year dabbler, three-time adult learner
Joined: May 2020
Posts: 2
B
BGV Offline
Junior Member
I'm happy to assist in getting the site on a secure host. I also just noticed when I signed up that the site emails my plain-text password to me, which is not an ideal situation... I'm a web developer so I have experience in these areas.

Joined: Oct 2018
Posts: 391
N
Full Member
Offline
Still an issue in 2021. Just issue a certificate, maybe with Certbot + Nginx?

Joined: Feb 2021
Posts: 3
A
Junior Member
Offline
+1 - came here to whinge about this and found it was the most recent post in here anyway.

Firefox currently warns on login due to this: [Linked Image]

I suspect that the issues noted in another thread in here on Safari are due to similar user protection measures.

As previously noted, Google search have publicly stated that they penalize non-https results; this will currently be affecting the pianoworld forum.

The forum is actually currently available on https, however the certificate is only valid for "pianoworld.com" and "www.pianoworld.com" and hence is invalid in this context. You'd need to add "forum.pianoworld.com" or "*.pianoworld.com" to make it valid.

Cheers and sorry for the whinge. :)

Last edited by akdor1154; 03/03/21 09:01 PM.
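
Added example (not part of any post in this thread, and not Piano World's own configuration): a simplified Python version of the hostname check a TLS client runs against a certificate's DNS names, showing why the names quoted in the post above reject forum.pianoworld.com and why either suggested addition fixes it. The function names are hypothetical, and the wildcard handling is the common left-most-label rule from RFC 6125.

```python
# Added illustration: simplified hostname-vs-certificate-name matching.
# Function names are hypothetical; the name lists are those quoted in the thread.

def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")

def name_matches(pattern, hostname):
    """True if one certificate DNS name (pattern) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label and needs at least
        # two fixed labels after it, so "*.com" style names never match.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are rejected
    return p == h

def cert_covers(san_dns_names, hostname):
    """True if any DNS name on the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in san_dns_names)

# Names the thread reports on the certificate served at the time.
CURRENT_SANS = ["pianoworld.com", "www.pianoworld.com"]
# The two fixes suggested in the thread.
WITH_EXPLICIT_NAME = CURRENT_SANS + ["forum.pianoworld.com"]
WITH_WILDCARD = CURRENT_SANS + ["*.pianoworld.com"]

if __name__ == "__main__":
    for label, sans in [("current", CURRENT_SANS),
                        ("explicit name added", WITH_EXPLICIT_NAME),
                        ("wildcard added", WITH_WILDCARD)]:
        ok = cert_covers(sans, "forum.pianoworld.com")
        print(f"{label:20} -> {'valid' if ok else 'name mismatch'}")
```

A wildcard entry does not cover the bare domain or names more than one label deep, so pianoworld.com itself still has to be listed alongside *.pianoworld.com.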
