Please use the following URL; https:/www.partha.com

On Sun, Jan 29, 2017 at 12:01 PM, Scott Jacobs via gimp-user-list < gimp-user-list@gnome.org> wrote:

http://www.partha.com/

The above website is no longer active.

A later message says that it was up and running.

However, when I test-fired the link today, just for the fun of it, I got the following:

"Your connection is not secure

The owner of www.www.partha.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites" _______________________________________________ gimp-user-list mailing list
List address: gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list

I meant https://www.partha.com

On Sun, Jan 29, 2017 at 12:05 PM, Partha Bagchi wrote:

Please use the following URL; https:/www.partha.com

On Sun, Jan 29, 2017 at 12:01 PM, Scott Jacobs via gimp-user-list < gimp-user-list@gnome.org> wrote:

http://www.partha.com/

The above website is no longer active.

A later message says that it was up and running.

However, when I test-fired the link today, just for the fun of it, I got the following:

"Your connection is not secure

The owner of www.www.partha.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites"
_______________________________________________ gimp-user-list mailing list
List address: gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list

On 01/29/2017 06:06 PM, Partha Bagchi wrote:

I meant https://www.partha.com

Having a http host which only redirects to the https one would solve that nicely - all of the gimp.org under our direct control is set up this way.

Also, you might want to set up some headers to make framing and XSS harder - even and especially if you have no idea how this could ever become a problem.

See Mozilla's Observatory for an evaluation of your site and pointers to relevant resources:

https://observatory.mozilla.org/analyze.html?host=www.partha.com

Regards,
Michael
GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD

On 01/29/2017 06:17 PM, Scott Jacobs via gimp-user-list wrote:

Does this mean that if one visits a normally secured address, and intentionally goes to the address bar and removes the s, that one could potentially visit that site unsafely (unless Firefox etc. intervenes, of course) ?

This depends on the site configuration, actually. To make the downgrade to http next to impossible (unless someone forces it, this requires that you know what you are doing), a useful approach would be to use HSTS:

https://wiki.mozilla.org/Security/Guidelines/Web_Security#HTTP_Strict_Transport_Security

Regards,
Michael
GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD

One issue is that http://www.partha.com is mistakenly redirecting to http*s*://*www.www*.partha.com

-c

This should be fixed now Casey. Please let me know otherwise. Thanks!

On Sun, Jan 29, 2017 at 1:24 PM, Casey Connor < gimp-user-list@caseyconnor.org> wrote:

One issue is that http://www.partha.com is mistakenly redirecting to http*s*://*www.www*.partha.com

-c

_______________________________________________ gimp-user-list mailing list
List address: gimp-user-list@gnome.org List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list List archives: https://mail.gnome.org/archives/gimp-user-list