#3303 Some browsers report an insecure https connection

3.4.0
fixed
nobody
5
2013-06-11
2011-05-16
aommundsen
No

I am running phpMyAdmin on https with a SSL serctificate. After upgrading to phpMyAdmin 3.4.0, the front page and most subpages gives "Insecure connection" in Opera Webbrowser. However the connection is "Secure" when browsing the actuall databases pages, but on front page and main menu pages, it gives "Insecure contection". In other browsers this does not happen.

I do not have these problems with https and Opera in phpMyAdmin 3.3.10 or older, only the newest phpMyAdmin version 3.4.0

I am using the newest Opera webbrowser version 11.10 on Windows 7. The problem happens on both the "Original" and the "pmahomme" theme. I did test in Firefox, and did not have this problem in that browser.

Server information: CentOS 5.6 64bit, Apache 2.2.18, MySQL 5.1.57, php 5.2.17

Please see attached screenshot from Opera webbrowser.

Discussion

1 2 > >> (Page 1 of 2)
  • aommundsen

    aommundsen - 2011-05-16

    Opera 11.10 showing Insecure connection on front page of phpMyAdmin 3.4.0

     
  • Marc Delisle

    Marc Delisle - 2011-05-16

    Are you sure that the first URL you type in Opera to access phpMyAdmin contains the exact domain name that is related to the certificate?

     
  • aommundsen

    aommundsen - 2011-05-16

    Yes, I am absolutely sure about that. Also I can provide access to phpMyAdmin on a test databse, so you can test it your self. Please let me know if you want that. Maybe send me a email for log in details?

     
  • Marc Delisle

    Marc Delisle - 2011-05-16

    Did you try with Internet Explorer and Chrome on your Windows 7 machine? If all browsers work correctly except Opera, I wonder what the phpMyAdmin team can do about it...

     
  • aommundsen

    aommundsen - 2011-05-16

    As I say, it does not have any problems in phpMyAdmin 3.3.10 or older, the problem is introduced in phpMyAdmin 3.4.0

    Newest Opera browser does not have any problems on phpMyAdmin 3.3.10 - so the problem is introudeced by changes in phpMyAdmin 3.4.0

     
  • aommundsen

    aommundsen - 2011-05-16

    Update: I have tested more browsers: Both Internet Explorer 9 and Safari 5.05 have the same problem. Please see new attachment from Internet Explorer 9. To see the problem in Safari, you look at the the right in the adress field, and you will see the padlock is missing. Browse into a database, and you can see the padlock - in Safari the padlock is only visible on pages that is encrypted.

     
  • aommundsen

    aommundsen - 2011-05-16

    Update: I have now tested in newest version of Google Chrome, and Google Chrome has the same problem. So SSL does not work in Google Chrome, Opera and Safari.

     
  • aommundsen

    aommundsen - 2011-05-16

    Google Chrome 11.0.696.68

     
  • Marc Delisle

    Marc Delisle - 2011-05-16

    The exact message I get in Chrome is that this page includes other resources that are not secure. Indeed we now access http://www.phpmyadmin.net for a version check.
    Please try again by setting $cfg['VersionCheck'] to false.

     
  • aommundsen

    aommundsen - 2011-05-16

    Thanks. Setting $cfg['VersionCheck'] = false; fixes the problem with insecure connection. But for future, please change the cersion check so that it is connection to a secure server.

     
  • Marc Delisle

    Marc Delisle - 2011-05-16

    Yes, we are discussing about this on the phpmyadmin-devel list.

     
  • Marc Delisle

    Marc Delisle - 2011-05-17
    • assigned_to: nobody --> lem9
     
  • Marc Delisle

    Marc Delisle - 2011-05-17
    • summary: https give Insecure connection in Opera Browser --> Some browsers report an insecure https connection
     
  • Marc Delisle

    Marc Delisle - 2011-05-17

    Workaround for 3.4.1: no version check when https present in URL.

     
  • Marc Delisle

    Marc Delisle - 2011-05-17
    • assigned_to: lem9 --> nobody
    • status: open --> open-accepted
     
  • Lennard Warnaar

    Lennard Warnaar - 2011-05-27

    I only got this message under Chrome when I have the "Update check" on, and when there is an update. If I switch it off then it's okay. I checked the generated HTML, and it loads some info using http (rather than https) from the phpMyAdmin site for the version number.

     
  • Lennard Warnaar

    Lennard Warnaar - 2011-05-27

    Ah.. Never mind.. Been reading with my eyes in my pockets ;-) Ignore my remarks please.

     
  • Marc Delisle

    Marc Delisle - 2011-12-18
    • status: open-accepted --> pending-accepted
     
  • Marc Delisle

    Marc Delisle - 2011-12-18

    The workaround put in version 3.4.1 should be enough.

     
  • aommundsen

    aommundsen - 2012-05-04
    • status: pending-accepted --> open-accepted
     
  • aommundsen

    aommundsen - 2012-05-04

    After upgrading from version 3.5.0 to version 3.5.1 the problem is back. I have only tested in Opera browser. However, no matter what the browser report, the connection is not secure. The problem is with the version check. When I add the following line to config.inc.php the problem is fixed, and the connection is secure:

    $cfg['VersionCheck'] = false;

    Please revert the change so that there is no version check if using https, so that the connection is secure. The problem did not exist in version 3.5.0, but exist in version 3.5.1

     
  • Marc Delisle

    Marc Delisle - 2012-12-05

    What about version 3.5.4?

     
  • aommundsen

    aommundsen - 2012-12-05

    The problem still exist in version 3.5.4, and my browser (Opera) report that the front page in phpMyAdmin has a innsecure connection. However I fix the problem by adding this line to config.inc.php:

    $cfg['VersionCheck'] = false;

     
  • Marc Delisle

    Marc Delisle - 2012-12-28

    Should be fixed in 3.5.5.

     
1 2 > >> (Page 1 of 2)