Why Daz, Why?

Why is the Daz Documentation Center not a secure site link?

URL: http://docs.daz3d.com/doku.php

 

I am in the install manager and click on an info button and it sends me to an insecure site, but still attached to Daz3d.com.

 

Comments

  • nicsttnicstt Posts: 10,887

    sadly, can't even force it with https

  • melaniemelanie Posts: 528

    And most of the documents aren't even showing. Just get a blurb about it being a place holder for an upcoming product, but it's showing the same for most products. Only a very few are actually showing the product information.

  • melanie said:

    And most of the documents aren't even showing. Just get a blurb about it being a place holder for an upcoming product, but it's showing the same for most products. Only a very few are actually showing the product information.

    There is, or was, an issue with the stroe supplying the data that the read me code (they are geernated on the fly, not stored as static data) uses to determine if the product is live and can have its readme viewed.

  • missing readme's still is an issue. Quite a lot of new products are completely lacking their readmes on release day. Not to talk about older ones. 

  • So if products are not including readme's, does that mean everyone is making their own textures for their products or making the props they create textures for, cause it was my understanding you have to give credit, usually done in readme's when you use anything made by another creator.

  • ChoholeChohole Posts: 33,178
    edited November 2020

    So if products are not including readme's, does that mean everyone is making their own textures for their products or making the props they create textures for, cause it was my understanding you have to give credit, usually done in readme's when you use anything made by another creator.

    The Missing readme files is a bug that has not yet been corrected rather than an actual change in policy
    Daz readme files follow a template,  so are all the same style
    Yes in the main Daz PAs make their own textures or have a partner/co PA that does so as a team.
    Obviously if you are making a texture set for props  or clothing you do need to say  what it is a texture set for,   this would be included on the Store page as "Required Products" and also quite probably in the product name,  as in "Texture for Blah Blah.

     

    Post edited by Chohole on
  • So if products are not including readme's, does that mean everyone is making their own textures for their products or making the props they create textures for, cause it was my understanding you have to give credit, usually done in readme's when you use anything made by another creator.

    ^Depends on the license for the thing of which it's a derivative.

    Vendors use different things, including but not limited to: Substance Painter, Photoshop/Gimp self-created stuff, Own photos, Blender procedural textures, Other texture resource images, etc.

    If they're doing a texture addon, the original model should be listed on the store page under 'required products' ... except that seems to be sometimes not showing up right at the moment.

  • SevrinSevrin Posts: 4,450

    So if products are not including readme's, does that mean everyone is making their own textures for their products or making the props they create textures for, cause it was my understanding you have to give credit, usually done in readme's when you use anything made by another creator.

  • takezo_3001takezo_3001 Posts: 1,013

    Why is the Daz Documentation Center not a secure site link?

    URL: http://docs.daz3d.com/doku.php

     

    I am in the install manager and click on an info button and it sends me to an insecure site, but still attached to Daz3d.com.

    Who says these forums are even secure? At least the store is secure...

     

    image_2020-11-28_201039.png
    583 x 356 - 46K
    image_2020-11-28_201230.png
    812 x 419 - 51K
  • TaozTaoz Posts: 8,325

    If you get the placeholder page, refreshing the page one or more times usually makes the correct page load.

  • DAZ_RawbDAZ_Rawb Posts: 728

    Why is the Daz Documentation Center not a secure site link?

    URL: http://docs.daz3d.com/doku.php

     

    I am in the install manager and click on an info button and it sends me to an insecure site, but still attached to Daz3d.com.

    Who says these forums are even secure? At least the store is secure...

     

    The forums are marked as insecure because there is content that people have linked (through their signatures and the like) that is http instead of https, the other option to this is not allowing embedded remote content, which might be a good idea from a privacy perspective so we'll have to look into that someday.

  • PetraPetra Posts: 795
    melanie said:

    And most of the documents aren't even showing. Just get a blurb about it being a place holder for an upcoming product, but it's showing the same for most products. Only a very few are actually showing the product information.

    There is, or was, an issue with the stroe supplying the data that the read me code (they are geernated on the fly, not stored as static data) uses to determine if the product is live and can have its readme viewed.

    It would be much better if each product has a readme in the product itself as other stores have.

  • takezo_3001takezo_3001 Posts: 1,013
    DAZ_Rawb said:

    Why is the Daz Documentation Center not a secure site link?

    URL: http://docs.daz3d.com/doku.php

     

    I am in the install manager and click on an info button and it sends me to an insecure site, but still attached to Daz3d.com.

    Who says these forums are even secure? At least the store is secure...

     

    The forums are marked as insecure because there is content that people have linked (through their signatures and the like) that is http instead of https, the other option to this is not allowing embedded remote content, which might be a good idea from a privacy perspective so we'll have to look into that someday.T

    Thanks for that bit of info, it makes me feel a lot better then, as that's much better than having vulnerabilities in the code! 

  • Why is the Daz Documentation Center not a secure site link?

    URL: http://docs.daz3d.com/doku.php

    I think a better question is "why do you think it needs to be?". Because the only thing we're talking about here is encryption: making sure the data between the webserver and your computer gets encrypted to avoid others from spying. But since this is public documentation we're talking about there's nothing to protect. Adding encryption won't change anything, all it does is making things a lot more harder for Daz then they need to be.

    This whole "https is better than http" is a load of nonsense because it doesn't make things more secure at all, all it does is prevent possible 3rd party spies.

    In fact, but I realize I might take things a bit too far here, this whole https fascination is actually a main reason why we're running out of IPv4 addresses!  See: a webserver can easily host multiple websites using 1 single IP addresss, it does this through "name based verification". So: the webserver gets a request for a website, recognizes the name and then serves the right site. Adding encryption (so: using https) makes this impossibe. After all: first you need to establish an encrypted connection before you can sent data across. As a result every "https website" has to be hosted using a dedicated IP address. You know... the main thing we've been running short of multiple times?

    Worst part of it all, as mentioned above, is that https doesn't make things more secure at all.

    So yah, IMO it's a good thing that https isn't used. This makes the site more responsive and you'll also be able to access the information using older browsers.

  • WolfwoodWolfwood Posts: 464
    ShelLuser said:

    Why is the Daz Documentation Center not a secure site link?

    URL: http://docs.daz3d.com/doku.php

    I think a better question is "why do you think it needs to be?". Because the only thing we're talking about here is encryption: making sure the data between the webserver and your computer gets encrypted to avoid others from spying. But since this is public documentation we're talking about there's nothing to protect. Adding encryption won't change anything, all it does is making things a lot more harder for Daz then they need to be.

    This whole "https is better than http" is a load of nonsense because it doesn't make things more secure at all, all it does is prevent possible 3rd party spies.

    In fact, but I realize I might take things a bit too far here, this whole https fascination is actually a main reason why we're running out of IPv4 addresses!  See: a webserver can easily host multiple websites using 1 single IP addresss, it does this through "name based verification". So: the webserver gets a request for a website, recognizes the name and then serves the right site. Adding encryption (so: using https) makes this impossibe. After all: first you need to establish an encrypted connection before you can sent data across. As a result every "https website" has to be hosted using a dedicated IP address. You know... the main thing we've been running short of multiple times?

    Worst part of it all, as mentioned above, is that https doesn't make things more secure at all.

    So yah, IMO it's a good thing that https isn't used. This makes the site more responsive and you'll also be able to access the information using older browsers.

    Dedicated IP per site? You are a little outdated in how HTTPS and SSL Certificates work. Virtualhost and SSL have been working side by side for a long time. Not only you don't need a new IP in a shared host, you don't need a new certificate for subdomains even if the sites are hosted in different hosts. You can get wildcard certificates.

    Also in terms of compatibility, is more what you loose by not having HTTPS properly setup, than what you may gain for allowing systems so old that reached EOL many years ago.

  • ShelLuserShelLuser Posts: 260
    edited December 2020
    Wolfwood said:

    Dedicated IP per site? You are a little outdated in how HTTPS and SSL Certificates work.

    Hardly. I'm well aware of the newer standards but those aren't as commonly used as you seem to think. And for good reasons because any kind of "input" on the client side can be a potential risk for the serverside. A good security policy isn't about immediately using the latest and "greatest".

    Post edited by ShelLuser on
  • Victor_BVictor_B Posts: 338
    DAZ_Rawb said:

    Who says these forums are even secure? At least the store is secure...

    The forums are marked as insecure because there is content that people have linked (through their signatures and the like) that is http instead of https, the other option to this is not allowing embedded remote content, which might be a good idea from a privacy perspective so we'll have to look into that someday.T

    Thanks for that bit of info, it makes me feel a lot better then, as that's much better than having vulnerabilities in the code! 

    The browser's mark "secure" or "not secure" is not about the code at all. It's about SSL Sertificate, which is not about site's code too. Only sites with user registration requires SSL sertificates (online shops, online bank accounts etc), so browser can send user's data (login, password, credit cart info etc.) to server via secure protocol (HTTPS). Other sites (such as Daz Documentation Center or news sites) are not requres secure connection at all. They are not collect any user's info.

Sign In or Register to comment.