# Security Concern



## Kzorith (Sep 27, 2016)

Greetings,

Is anyone else seeing that the Furaffinity main site and the forums are showing as unsecure websites?  I thought that they were both supposed to be secure and verified?

For instance, in Chrome, I see an information symbol next to the address of the forums, and clicking it shows me that my connection to Fur Affinity Forums is not secure.  Same thing in the main site but the list of non-secure origins is much longer.

Considering the past of this site, I feel that this is a concern that should be looked at fairly seriously.

Thanks in advance,
Kzorith


----------



## Tetrachroma (Sep 27, 2016)

I'm not getting any security warnings.


----------



## Kzorith (Sep 28, 2016)

This is what I see looking at this thread in Google Chrome


----------



## jayhusky (Sep 28, 2016)

This would be that you are not enforcing HTTPS on the forums itself.
All those insecure URL's are loaded with a relative protocol, e.g. instead of a hard-coded http or https text the url is specified as //:domain.com, so it's matching what you're currently using.

Just change the forum domain to Fur Affinity Forums and the connection will change to secure.


----------



## Synthex (Sep 28, 2016)

So, I tested something out, and it seems that once you are on the secure connection, all links will keep you on the secure connection except the "Home" link and the "Fur Affinity Forums" link. Clicking either of those will knock you off of the https prefix.


----------



## jayhusky (Sep 28, 2016)

Synthex said:


> So, I tested something out, and it seems that once you are on the secure connection, all links will keep you on the secure connection except the "Home" link and the "Fur Affinity Forums" link. Clicking either of those will knock you off of the https prefix.


That's down to whoever installed the forums and didn't specify a https address.
If you use a browser plugin like HTTPS Everywhere, it'll save you the issues noted above.


----------



## Kzorith (Sep 29, 2016)

Thank you for your recommendation, JayHusky.

My concern is that I shouldn't have to use a third party tool to be forced into HTTPS, nor should I have to remember to do so by setting a link.  There should be an automatic redirect on both the forums and the site itself that anything coming in as HTTP automatically gets flipped to HTTPS.  Otherwise, you might as well not bother requiring a password for these sites because they won't be sent securely to the backend for verification.

Kzorith


----------



## jayhusky (Sep 30, 2016)

Kzorith said:


> Thank you for your recommendation, JayHusky.
> 
> My concern is that I shouldn't have to use a third party tool to be forced into HTTPS, nor should I have to remember to do so by setting a link.  There should be an automatic redirect on both the forums and the site itself that anything coming in as HTTP automatically gets flipped to HTTPS.  Otherwise, you might as well not bother requiring a password for these sites because they won't be sent securely to the backend for verification.
> 
> Kzorith


No problem.
I know, I've submitted a request for the forums to be enforced HTTPS connections, only time will tell if it is put in place.


----------

