Site Not Secure?
Ghosty12
Posts: 2,080
in The Commons
Not sure how long this has been like this but have noticed that Firefox says that the connection to daz3d.com is not secure and it does not show a grren padlock and not sure why.. But it has me concerned that it is like this.. Where as other sites like youtube and even another 3D content site are secure and show the green padlock..
Daz 3D is part of 
Connect
DAZ Productions, Inc.
7533 S Center View Ct #4664
West Jordan, UT 84084
Licensing Agreement | Terms of Service | Privacy Policy | EULA
© 2025 Daz Productions Inc. All Rights Reserved.
Comments
Curious about that too... Weird logging in stuff has happened off and on just now...
If you put something in your cart and go to the checkout page (where you enter payment info), you should see the green padlock.
It has been this way for a long time You will notice that the main store and forums are http; however, the parts with personnal data such as your account, shopping cart, etc. are secure https. Just be careful not to post any personnal information to the forums.
Basically we have 2 sites merged into one, but running two different softwares. The main log in is through Megento, which is the store side of the site, thus the secure one. This is why you can sometimes get the half and half thing when the software gets confuse as to whether you are logged in or not. THis is caused most times by logging in on the Vanilla side and not on the Magento side. If I log off I always log back in on the front page, and tick to stay logged in. This logs me into both sides simultaneously and allows them to synchronise.
Ahh thank you for that, just interesting why to have two different sides of the site one being secure and one not, and not have it all be secure.. Anyway thankyou for the info and I did check my account area and saw the green padlock.. :)
The green padlock does show up when going thru the cart though, which is comforting ;).
Laurie
To fill you all in on what is going on:
Browsers have started switching their opinion of what is secure and not secure around a little. Modern browsers are looking for anything that looks like a username or password field on a page and if they can find it, and the page isn't HTTPS (secured and encrypted web traffic) they will start complaining. Previously they would only complain when a password was attempting to be sent to a non-HTTPS site. Our system always makes sure that all passwords (and credit card numbers) that you are sending are going over a secured and encrypted method, which is why you have not gotten complaints about this from your browser in the past.
The web team here will be working on switching the entire site over to HTTPS, we would have done it in the past but there were some chunks of code in the system that would fight it and turn in to infinite redirect loops. In order to do it correctly it will take some time, so don't expect a sudden change in the upcoming days but know that it is coming.
Thanks for the update Rawb.
TBH, it all should be HTTPS; there is a move towards it.
Just wondering; does this include when we enter coupon codes and suchlike on the cart page? That's the only time I get Firefox kicking up a complaint, it says I'm trying to send data over an unsecured link.
Coupon codes and gift card codes looks like they are being sent non-HTTPS, it switches over to HTTPS at the next stage of the checkout (when credit cards are involved). This will get moved over to being sent over HTTPS as we switch everything on the site to being HTTPS only.
This is what DAZ _Rawb is talking about; he's just pointing out that it hasn't happened yet because of code issues that need to be fixed.
So @DAZ_Rawb , what exactly was the maintenance that was done when the site went down five to six hours, and why weren't we given any advance notice? That is REALLY poor netiquette. I just barely missed getting screwed up by two minutes, using my DIM (which of course went down), people checking out got caught by surprise, and people using Connect. So what exactly were you folks doing, and are you going to do this to us again? I hope NOT.
The biggest problem I have with Connect isn't the DRM so much as THIS. Daz is down and so is DS. THAT bugs me ;).
Laurie
Yep. They missed at least one sale to me. With the DO sale stacking with the Dragonsbane sale I had Rune 7 Pro Bundle for about $20 in my cart along with Iray Stone Floor and Wall Tile Shaders for $10.47 when the site went down. I know -- I still could have gotten it when the site finally came back up; but by then I didn't bother and saved the money instead.
With the last update to Firefox, almost every website that I go to that requires a password shows a red X up the left corner of the address bar. And if you hover your mouse over the icon, it will says that it is not secure to enter your password. But once you log in, they all become secure. (There was even one credit card company that use to be this way. And this was BEFORE the recent update browser update. But they fixed that quite a while ago.) I oftened wondered why they wouldn't make the page where you enter your password secure.
And if you use Microsoft Edge, have you noticed that they in their infinite wisdom have eliminated the padlock. I normally don't use Edge, but I was forced to when I was having trouble with a website. I had to search on the web on how to tell if the page was secure in Edge. You have to select the address in the address bar to see if it is https, because that doesn't display either.
But maybe they have fixed that by now. Another thing I don't like about Edge is that they wouldn't let you decide where you wanted to save a download. It wanted to put everything in one folder. (But I think they might have finally fixed that.)
Just to correct a misconception here: Daz Connect content still loads even if it can't connect to anything. You don't even need to be connected to the internet to install content if you use the offline installers and have logged in once on the machine.
As to the downtime and lack of warning: There were a number of ducks that all needed to get in a row in order to accomplish the goals of this downtime. There were a number of false starts that had something wrong with them to call a halt to the launch. When everything came up aligned we took the opportunity. The downtime wasn't scheduled to be very long (right about an hour to an hour and a half) but Murphy and his law came in and added some excitement to really draw it out. I won't bore you with details, but if you ever want to be really frustrated I would recommend an intermittently bad ethernet cable to your primary storage node.
I think if you've passed your time period that you need to log in again, nothing will work, but I won't argue the issue ;). I should have never mentioned it, especially in this thread.
Good luck in getting the site sorted ;).
Laurie
Thank you for the new info it is good to know that the site will eventually be all HTTPS.. :)
Ducks?
this sounds like that time recently when I was on the forums here and norton wanted to block you
http://www.daz3d.com/forums/discussion/145426/daz-being-naughty#latest
From the American expression 'to get all your ducks in a row' which means to get all all your affairs in order or organized.
think any mention of ducks gets Ati quackers going by his avatar
I meant it as a joke, because of my duck avatar. :)
There isn't one - you need to log in only once unless the machine specification is seen as having changed.
The lack of communication in terms of warning us ahead of time (at least a week) and during outages, along with the outages themselves are a major reason I avoid their DRM'd products. It speaks volumes about whenther they are truly ready to support heading down that path. It is nice to to DAZ_Rawb and others show up in the forums more often, but it's way too informal. Not sure why they don't set up an outage notifications mailing list and why there is not an outage notiofication forum thread.
If you have installed something with Connect it is on your computer not in some 'cloud', the DAZ site being down won't stop you from using them.
And if that happens while the store is down for maintenance, the user is out of luck, unless the authentication server is still up. This is why many people do not like (and I'm putting it mildly) DRM.
Geometrically aligned waterfowl, if you prefer.
And from personal experience, one method of changing the machine specification is to add or swap video cards.