Sublime Forum

Is it safe to add my credit card here over http! not https?

#1

I just came here to complete the process of payment and I noticed that I’m adding sensitive information to a non-trusted site, as I can see that on the payment page they are using HTTP instead of HTTPS. What are the suggestions here?

Thanks.

0 Likes

#2

If you typed and sent your credit card number over an http connection (not encrypted), instead of https (encrypted), I suggest you block your credit card. But I have never had to do that with mine, so I do not know how to proceed in the aftermath.

Were you buying Sublime Text here, and was the process over an http connection?

Does not seem to:

0 Likes

#3

I’m trying to buy from the official (Sublime Text) website, I’ve taken the screenshot, and note that I didn’t sign in, so maybe that’s why I’m still using HTTP.

0 Likes

#4

You must have manually entered the non-secure buy URL. All links on the site go to the secure version. Simply change the URL to https://www.sublimetext.com/buy.

I’ll talk to Jon about configuring it so it isn’t possible to request this page without TLS.

3 Likes

#5

You should do this to all pages, by the way.

0 Likes

#6

I believe Jon decided not to do this so that the site could be accessed by more users. The download pages definitely only work over TLS since that is important.

0 Likes

#7

@wbond while you’re at it, please also ask him to update the Discourse installation for this forum. Thanks!

1 Like

#8

I manage the forum. I’ll get around to an upgrade at some point. Unfortunately I’ve been bitten too many times by Discourse’s rough edges, so I am generally inclined to leave things working as they are. :smile:

2 Likes

#9

While you’re there, maybe you could install the Tags & Solved plugins. Actually I just noticed that Tags are now built in, so upgrading to latest should get Tags as well. :wink:

Did you encounter any issues on updates? Did you install the official way (via docker) or standalone?

The only problem that I had on update was related to upgrading the server from Ubuntu 15.x to 16.x (or 14->15, don’t remember) and I had to re-install docker & co (no data loss, nothing serious though). Downtime for 15 mins, until I figured out what’s going on.

0 Likes

#10

I have not installed any updates because the install process wasn’t very smooth.

I followed the docker method. The docs were wrong in a few places, and the response I got when asking questions was basically “you are doing it wrong”, even though I was following the “happy path.” Once or twice during initial “setup” I rebuilt the docker image, but there is no “pinning” system, they make breaking changes without documenting them in a changelog (there is no changelog), and the docker image doesn’t have any public script/record of how it was set up, so you can’t even see what was changed on the image. This puts the onus of figuring out all changes on the site admin, through reverse engineering.

It has been mostly stable, although every once in a while one of the daemons used to run the site fails and there doesn’t seem to be too much in the way of auto-recovery.

I am fairly certain that doing an upgrade will result in something breaking (because things broke in the two weeks during setup), so I need to find a few hours where I feel like dealing with git log spelunking and debugging a rails app.

3 Likes

#11

I would suggest you use PayPal, so you do not have to go around the internet typing your credit card number.

0 Likes

#12

The image in the post I’m replying to probably indicates that the main site is loaded from https://* but that some inline elements (images) are not. Whether it’s a site problem or maybe a local problem for the user (some extension might be injecting a non-secure image or something), I don’t know.

0 Likes

#13

You are right! That’s what I did.

0 Likes

#14

Thanks, we can switch to HTTPS but I think it should be configured permanently to use HTTPS.

0 Likes

#15

Looking at the source, the popup payment window where you enter your card number goes to a stripe.com URL, secured with https.

0 Likes
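
Posts #12 and #15 separate three things: the scheme of the page itself, inline elements loaded over plain HTTP, and the HTTPS payment window. The Python below is an added example, not code from the thread or from the Sublime Text site, that audits saved page source for that distinction. The `example.test` hosts and the HTML are constructed, and the active/passive grouping is an assumption that follows the usual browser mixed-content split.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute whose URL the browser fetches or submits to.
URL_ATTR = {"img": "src", "script": "src", "iframe": "src",
            "link": "href", "form": "action"}
# Active content can rewrite the page or receive typed data; images cannot.
ACTIVE_TAGS = {"script", "iframe", "form", "link"}

class InsecureRefFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(URL_ATTR.get(tag, ""))
        if not value:
            return
        # Only stylesheet links load content into the page.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        # Resolve relative and protocol-relative URLs the way a browser does.
        target = urljoin(self.page_url, value.strip())
        if urlparse(target).scheme == "http":
            severity = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((severity, tag, target))

def audit_page(page_url, html):
    """Return insecure references found in page source fetched from page_url."""
    if urlparse(page_url).scheme != "https":
        # The document itself travelled in cleartext, so nothing in it is trustworthy.
        return [("active", "document", page_url)]
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: hosts under example.test are placeholders, not real sites.
SAMPLE_URL = "https://shop.example.test/buy"
SAMPLE_HTML = """
<img src="http://cdn.example.test/logo.png">
<img src="/static/box.png">
<script src="//js.example.test/pay.js"></script>
<form action="http://shop.example.test/charge"><input name="card"></form>
<iframe src="https://pay.example.test/checkout"></iframe>
"""
print(audit_page(SAMPLE_URL, SAMPLE_HTML))
```

A "passive" finding matches the insecure-image case in post #12, while any "active" finding on a payment page means card data or page logic can be exposed in transit.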