ClassCreator.com | Blockbuster sites, amazing reunions

Share Tips

New Topic Subscription Options  

Admin class members password box insecure

Forums: Questions and Answers About Building Your Site
Created on: 07/31/17 07:18 PM Views: 1447 Replies: 12
Monday, July 31, 2017 at 7:18 PM

This relates to the http/https issue with login, except the "insecure" message appears in the classmate details admin area when changing primary email address and/or member's password. Granted, this affects far fewer people (just admins), but did cause some confusion for one of my co-admins.

Also, I did not try the issue for a member "Change Password" by the member. That could increase the instance of problem.

Is there any way to fix this short of an SSL certificate?

Reply
Monday, July 31, 2017 at 10:20 PM - Response #1

What browser and device?

Did not get 'insecure' message with Firefox on Windows 10 desktop.

Reply
Tuesday, August 1, 2017 at 12:12 PM - Response #2
PswdChg.jpg

I get the warning here for both the admin passwd chg and user passwd change using FF 54.01 under Windows 7.

Once again, the easiest fix would be to simply display any page which asks for password info using the Class Creator long name and https - like the system does now for the Subscription page.

Reply
Tuesday, August 1, 2017 at 1:51 PM - Response #3

I have confirmed this and have sent documentation to the programmer.


Reply
Tuesday, August 1, 2017 at 3:22 PM - Response #4

Firefox & Chrome on Windows 10
Firefox on Windows 7 32-bit

Reply
Tuesday, August 1, 2017 at 6:35 PM - Response #5

I just tried to enter an email address in manage classmates. They did not have one yet and no warning message showed up. So that's a bit inconsistent for the browsers.

It does display that warning for active data. I think it is keyword driven and if one changes the "prompt" the warning might go away.

Some of this is getting ridiculous though. The whole thing was pushed for FINANCIAL transactions, not casual sites. A lot of hobby sites are just ignoring what is essentially a lot of noise about nothing.

Reply
Tuesday, August 1, 2017 at 8:24 PM - Response #6

It's not the page itself or the email address field. The browsers don't care if that's not protected, and let you enter anything you want there. It's the password field, and the browser's key on the 'input type=password' in the Password table entry as soon as you put the cursor in that field.

Reply
Tuesday, August 1, 2017 at 10:20 PM - Response #7

I was responding to the OP which mentioned the email address so I thought they meant that
Quote:

" the "insecure" message appears in the classmate details admin area when changing primary email address"
. That mislead me to think that field also had that warning Sad

Yes the keyword=password.

It's still a meaningless check for most hobby sites. What they need is a way to tell a browser that "WE DON'T CARE".

What's funny is that I can't use an iframe using https classcreator.com but I CAN use another https site for the iframe source. Check out interact.com and embed one of their "quiz" on a page. It's an https iframe and works. Makes absolutely no sense the way it's done right now.

Reply
Edited 08/01/17 10:23 PM
Tuesday, August 1, 2017 at 10:22 PM - Response #8

As an aside this warning also appears if a classmate goes to change their password. Same reason.

Reply
Tuesday, August 1, 2017 at 10:26 PM - Response #9

Another tidbit I keep forgetting to mention: Edit PREVIEW is done in https mode and fails if you use anything that violates the "rules" since it's an https classcreator.com page. Yet page will work just fine on one's site. Another biggie. Why is the editor + preview https???

Reply
Wednesday, August 2, 2017 at 9:26 AM - Response #10

The change password page is now secure.


Reply
Wednesday, August 2, 2017 at 10:22 AM - Response #11

Manage Classmates still has the warning.

Reply
Friday, August 4, 2017 at 1:23 PM - Response #12

Fixed Very Happy

Reply
New Topic  
Subscription Options: Have all new forum posts sent directly to your email.
Subscription options are available after you log in.