Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] HTTPS links on wordpress blog post have S removed automatically, odd

Frank Corrigan email at franciscorrigan.com
Thu May 5 16:18:02 PDT 2011


Thanks, I am only using it in very limited situations and not for
anything sensitive, but I will look at other options, I just don't want
the burden of hosting something myself. I may add details of a gpg
public key. I have tried to make an informed trade off decision between
security V convenience.

I was looking into Diaspora <https://joindiaspora.com/> but that project
seems to have gone quiet.

Frank


----- Original message -----
From: "Erik Sundelof" <erik at sundelof.com>
To: "Frank Corrigan" <email at franciscorrigan.com>
Cc: "SiNA" <sina at anarchy.cx>, schoen at eff.org, brianc at smallworldnews.tv,
"Liberation Technologies" <liberationtech at lists.stanford.edu>
Date: Thu, 05 May 2011 13:44:47 -0700
Subject: Re: [liberationtech] HTTPS links on wordpress blog post have S
removed automatically, odd

All,

In general Wordpress is not very secure platform and is natively very 
vulnerable for attacks. Wordpress.com is ok but is very often blocked. I 
would strongly suggest against using Wordpress for anything you need a 
lot of security.

Best,

Erik

> ------------------------------------------------------------------------
>
> 	Frank Corrigan <mailto:email at franciscorrigan.com>
> May 5, 2011 12:58 PM
>
>
> Thanks for the feedback. I am not using a selfhosted WP blog and might
> not have explained myself well enough, for a better explanation with
> images anyone can download more info via:
> https://franciscorrigan.files.wordpress.com/2011/05/https-removal-of-s-by-wordpress.pdf
>
> I will be contacting wordpress direct, not happy with any blog system
> than changes a url I add to a post from a HTTPS url to a plain HTTP one,
> this is not about redirecting, this is about changing a link I add to a
> post. I think this has broad implication users of blogs, as they like me
> could be adding many urls with HTTPS links, only to discover the S is
> removed from the blog post BEFORE it is clicked on...
>
> Frank
>
>
> ----- Original message -----
> From: "SiNA" <sina at anarchy.cx>
> To: "Frank Corrigan" <email at franciscorrigan.com>
> Cc: "Liberation Technologies" <liberationtech at lists.stanford.edu>
> Date: Thu, 05 May 2011 11:44:50 -0700
> Subject: Re: [liberationtech] HTTPS links on wordpress blog post have S
> removed automatically, odd
>
> Try adding this to wp-config.php, it should make all the core parts of
> wordpress, use https for urls that are loading from an HTTPS site:
>
> if(strlen(strstr( $_SERVER['SERVER_PROTOCOL'],"HTTPS"))>0) {
> define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST'] . '');
> define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST'] . '');
> }
> else {
> define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '');
> define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '');
> }
>
>
> Hope it helps!
>
> --
> SiNA
> pgp 0x0B47D56D
>
>
>
>
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you 
> click above) next to "would you like to receive list mail batched in a 
> daily digest?"
>
> You will need the user name and password you receive from the list 
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> ------------------------------------------------------------------------
>
> 	Frank Corrigan <mailto:email at franciscorrigan.com>
> May 5, 2011 5:25 AM
>
>
> PS:
>
> Below is the html code snippet for the page, (from within the
> worpress.com Dashboard) that confirms HTTPS is rewritten to HTTP
>
> <strong>Note:</strong> When visiting <a
> href="http://www.franciscorrigan.com">www.franciscorrigan.com</a> it
> automatically redirects to this page<a
> href="https://franciscorrigan.files.wordpress.com/2000/01/contact.pdf"
> target="_blank">: </a><a title="Secure contact form over https
> encryption"
> href="https://franciscorrigan.wordpress.com/2000/01/01/contactme/"
> target="_blank">https://franciscorrigan.wordpress.com/2000/01/01/contactme/</a>
> ? (libtech note..)
>
> Thanks
> Frank
>
> ----- Original message -----
> From: "Frank Corrigan" <email at franciscorrigan.com>
> To: "Liberation Technologies" <liberationtech at lists.stanford.edu>
> Date: Thu, 05 May 2011 13:11:23 +0100
> Subject: HTTPS links on wordpress blog post have S removed
> automatically, odd
>
> I was setting up a 'secure' https contact page at:
> https://franciscorrigan.wordpress.com/2000/01/01/contactme/
>
> But when I post a link on the above blog page, it is overwritten by
> wordpress.com to remove the S in HTTPS, this is odd.
>
> In summary when I add this link to the blog:
>
> httpS://franciscorrigan.wordpress.com/2000/01/01/contactme/
>
> it becomes:
>
> http://franciscorrigan.wordpress.com/2000/01/01/contactme/
>
> Clearly this action seems to be hard coded into wordpress.com - I have
> replicated this problem a nuber of times, ensured I do not have a chache
> of the old page and added a ? after the link to ensure it is the latest
> version of the blog post.
>
> I cannot expect visitors to this page to have the HTTPS Everywhere
> add-on enabled, at least when I auto redirect to this page from
> http://www.franciscorrigan.com it does at least stay on the HTTPS
> version.
>
> Thanks
> Frank
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you 
> click above) next to "would you like to receive list mail batched in a 
> daily digest?"
>
> You will need the user name and password you receive from the list 
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> ------------------------------------------------------------------------
>
> 	Frank Corrigan <mailto:email at franciscorrigan.com>
> May 5, 2011 5:11 AM
>
>
> I was setting up a 'secure' https contact page at:
> https://franciscorrigan.wordpress.com/2000/01/01/contactme/
>
> But when I post a link on the above blog page, it is overwritten by
> wordpress.com to remove the S in HTTPS, this is odd.
>
> In summary when I add this link to the blog:
>
> httpS://franciscorrigan.wordpress.com/2000/01/01/contactme/
>
> it becomes:
>
> http://franciscorrigan.wordpress.com/2000/01/01/contactme/
>
> Clearly this action seems to be hard coded into wordpress.com - I have
> replicated this problem a nuber of times, ensured I do not have a chache
> of the old page and added a ? after the link to ensure it is the latest
> version of the blog post.
>
> I cannot expect visitors to this page to have the HTTPS Everywhere
> add-on enabled, at least when I auto redirect to this page from
> http://www.franciscorrigan.com it does at least stay on the HTTPS
> version.
>
> Thanks
> Frank
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you 
> click above) next to "would you like to receive list mail batched in a 
> daily digest?"
>
> You will need the user name and password you receive from the list 
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech

Email had 1 attachment:
+ compose-unknown-contact.jpg
  2k (image/jpeg)



More information about the liberationtech mailing list