08-10-2016, 08:03 AM | #1 |
creator of calibre
Posts: 43,856
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
HTTPS support?
Hi,
I'd really like to see mobileread made available over https. This is particularly important since it is used to distribute code that runs on users systems (sigil and calibre plugins). Thanks to the Let's Encrypt intiative HTTPS certificates are now free and automated. https://letsencrypt.org/ I recently (in the last 6 months) enabled Let's Encrypt on the calibre websites and it was pretty painless, so I can recommend it. Thanks. P. S. I am happy to help with any technical issues, if needed. |
08-11-2016, 02:18 PM | #2 |
Bah, humbug!
Posts: 39,073
Karma: 157049943
Join Date: Jun 2009
Location: Chesapeake, VA, USA
Device: Kindle Oasis, iPad Pro, & a Samsung Galaxy S9.
|
It sounds like a good idea. Have you mentioned this to Alex?
|
Advert | |
|
08-11-2016, 03:39 PM | #3 |
Ex-Helpdesk Junkie
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
(I thought calibre plugins are mirrored on the calibre website. So at least it is only vulnerable between your server and MobileRead, when you scrape the index for updates. At least that is my justification for saying Debian is silly for calling the plugin updater a massive security hole and disabling it universally.)
I too would like to see MobileRead use HTTPS. |
08-11-2016, 10:37 PM | #4 | |
creator of calibre
Posts: 43,856
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
Quote:
@WT Sharpe: I am sure Alex reads this forum. He has posted here a few days back. |
|
08-12-2016, 09:11 AM | #5 |
Fully Converged
Posts: 18,163
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
Thanks Kovid. You are absolutely right - I am not feeling great that MR is still using non-HTTP. The issue is not technical in terms how to properly install the certificates etc. - it's the forum software and its style sheets that is so old that it requires quite some modifications to run well with HTTPS. Instead, I want to push forward with moving over to a modern forum software (xenForo). Now that I am back more frequently it's the first big thing I want to do - and with the move everything will be HTTPS-only.
|
Advert | |
|
08-12-2016, 10:51 AM | #6 |
Ex-Helpdesk Junkie
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
|
Right... IIRC you were discussing that about a year ago, in reference to @member notifications.
So, do we have an ETA? |
08-12-2016, 11:14 AM | #7 | ||
Fully Converged
Posts: 18,163
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
Quote:
Quote:
|
||
08-12-2016, 10:42 PM | #8 |
creator of calibre
Posts: 43,856
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
@Alex: Cool, glad to hear it.
|
08-12-2016, 11:15 PM | #9 |
Enthusiast
Posts: 29
Karma: 26718
Join Date: Nov 2013
Location: Long Island, NY - USA
Device: Oasis
|
If you ever have down & out encryption issues, I've recently published in a peer review journal about Prime Number Theory, Encryption, and Quantum Computing. It's very dry! I've been working with encryption for many years. I just aged out of a NDA for work I did about 20 years ago when I worked at a non-descrypt office at Ft. Bragg.
Thanks for bringing it up Kovid. |
10-18-2016, 10:18 AM | #10 | |
Guru
Posts: 734
Karma: 1077122
Join Date: Sep 2013
Device: Kobo Forma
|
And, according to:
https://www.testimpulse.com/index.ph...ure-http-sites Quote:
|
|
01-08-2017, 11:39 AM | #11 |
creator of calibre
Posts: 43,856
Karma: 22666666
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
I'm glad to see that MR is now HTTPS -- thx Alex
|
01-09-2017, 06:55 AM | #12 |
Fully Converged
Posts: 18,163
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
Thanks Kovid. Still ironing out a few small issues, but I am also glad we finally moved over.
|
01-09-2017, 01:41 PM | #13 |
Bah, humbug!
Posts: 39,073
Karma: 157049943
Join Date: Jun 2009
Location: Chesapeake, VA, USA
Device: Kindle Oasis, iPad Pro, & a Samsung Galaxy S9.
|
Thanks for the added security of HTTPS, Alex!
|
01-10-2017, 11:41 AM | #14 |
Wizard
Posts: 2,631
Karma: 73864785
Join Date: Dec 2010
Location: PDXish
Device: Kindle Voyage, various Android devices
|
Is this possibly the reason why the images in my 2017 challenge list no longer work?
See this post: https://www.mobileread.com/forums/sh...78&postcount=9 These images worked last time I checked (less than 2 weeks ago) and are the same ones I have been using for the last couple years but they now do not show up. |
01-10-2017, 02:43 PM | #15 | |
Fully Converged
Posts: 18,163
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
Quote:
I'll investigate why the proxy won't load these particular images. Fixed. Proxy didn't like HTML entities in URLs... |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
M92 stopped loading HTTPS pages | CJY | Onyx Boox | 32 | 01-22-2015 10:12 AM |
Classic HTTPS/SSL with Classic Nook | cdstech69 | Barnes & Noble NOOK | 1 | 02-16-2011 08:40 AM |