06-29-19, 11:15 AM   #8
Catonga

Thanks, the most important part of the website seems to be encrypted now.
But you are still using mixed content, which means one part is encrypted via https but the other part is not.


This for example is listed in the developer mode of Firefox in the console as warning messages when loading this page:
Code:
Loading mixed (insecure) display content “http://www.subsim.com/radioroom/images/ranks/gunner.jpg” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...of2018_sm.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/images/icons/icon1.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/pict...ictureid=9932” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/pict...ictureid=6331” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...14_small2.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...f_2017_sm.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...of2018_sm.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...come_icon.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/images/icons/icon1.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...ks/gunner.jpg” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...of2018_sm.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/images/icons/icon1.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/pict...ictureid=9932” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/pict...ictureid=6331” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...14_small2.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...f_2017_sm.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...of2018_sm.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...come_icon.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/images/icons/icon1.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/pict...ictureid=7827” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/images/icons/icon1.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/pict...ctureid=10285” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/imag...s/swabbie.jpg” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/images/icons/icon1.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/pict...ictureid=7827” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/images/icons/icon1.png” on a secure page
showthread.php

Loading mixed (insecure) display content “http://www.subsim.com/radioroom/pict...ctureid=10285” on a secure page
showthread.php
Although this other part consists only of passive data like images and not active data like JavaScript files, an attacker could still compromise this passive data.
He could, for example, exchange the images with others.
And, much worse, if the browser engine of a user has a security bug in the image processing part, he could use that to break into the user's browser process by manipulating the image data that is sent to the user.

To fix this, you will need to put an https before all the image loading URLs in your HTML and PHP code.

Here is some more info about that topic:


And here:
https://support.mozilla.org/en-US/kb...ocking-firefox
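An added example, not part of the original post or the site's own code: a small Python scanner that lists the subresources an https page would still request over plain http, split into passive (display) and active content, and gives the https form of each URL as the post suggests. The sample HTML and the host forum.example are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

PASSIVE_TAGS = {"img", "audio", "video", "source"}  # "display" content in Firefox's wording
ACTIVE_TAGS = {"script", "iframe", "embed"}         # content that can run code in the page

class MixedContentScanner(HTMLParser):
    """Collect subresources that an https page would fetch over plain http."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            url, kind = a.get("href"), "active"
        elif tag in ACTIVE_TAGS:
            url, kind = a.get("src"), "active"
        elif tag in PASSIVE_TAGS:
            url, kind = a.get("src"), "passive"
        else:
            return  # e.g. <a href> is navigation, not a subresource load
        # Relative and protocol-relative URLs inherit the page scheme, so only
        # an explicit http:// scheme counts as mixed content.
        if url and urlsplit(url.strip()).scheme.lower() == "http":
            self.findings.append((self.getpos()[0], kind, tag, url.strip()))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def to_https(url):
    """Same URL with the scheme switched to https (host must actually serve https)."""
    return urlunsplit(("https",) + tuple(urlsplit(url)[1:]))

# Constructed sample page, not taken from the site discussed in the post.
SAMPLE = """<html><body>
<img src="http://forum.example/images/icons/icon1.png">
<img src="https://forum.example/images/ranks/a.jpg">
<img src="/images/relative.png">
<a href="http://forum.example/showthread.php?t=1">thread</a>
<script src="http://forum.example/clientscript/app.js"></script>
<link rel="stylesheet" href="http://forum.example/style.css">
</body></html>"""

if __name__ == "__main__":
    for line, kind, tag, url in scan(SAMPLE):
        print(f"line {line}: {kind} <{tag}> {url} -> {to_https(url)}")
```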