You are here

[Fixed] Could PortableApps.com Platform be upgraded to use HTTPS instead of HTTP?

8 posts / 0 new
Last post
PortableGood
Offline
Last seen: 3 months 1 week ago
Joined: 2014-10-06 11:51
[Fixed] Could PortableApps.com Platform be upgraded to use HTTPS instead of HTTP?

The PortableApps.com Platform appears to be using HTTP (instead of HTTPS) for many of its connections.

Could the PortableApps.com Platform be upgraded to only use HTTPS?

Even with checksums, using HTTP creates many risks that can be mitigated with HTTPS.

HTTPS certificates are currently free of cost.

John T. Haller
John T. Haller's picture
Offline
Last seen: 9 hours 2 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Coming Soon

The platform currently has the PA.c website switch from http to https for downloads based on operating system (Windows XP and Vista don't support modern https connections without modification). That code will shortly be moved into the updater itself so the connection is https the whole time on Windows 7/8/10/11 and Wine.

Sometimes, the impossible can become possible, if you're awesome!

John T. Haller
John T. Haller's picture
Offline
Last seen: 9 hours 2 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Fixed in 21.0

Platform 21.0, just released, switches to https by default for downloads from our site and SourceForge as well as ancillary downloads (like missing icons in the app store). On machines running an OS older than Windows 7, it will still use insecure connections for compatibility.

Sometimes, the impossible can become possible, if you're awesome!

PortableGood
Offline
Last seen: 3 months 1 week ago
Joined: 2014-10-06 11:51
Thank you... and an issue...

Thank you! You're definitely awesome!

I updated the platform to 21.0, and now I get the following error when checking for updates:

> Unable to connect to PortableApps.com to retrieve portable apps. Please try again later. [ SendRequest Error ]

PortableGood
Offline
Last seen: 3 months 1 week ago
Joined: 2014-10-06 11:51
...error is sporadic...

I tested it 3-4 times before posting and got the error each time.

I did nothing on my end (except review firewall logs, which obviously doesn't change anything), and then it worked without error.

John T. Haller
John T. Haller's picture
Offline
Last seen: 9 hours 2 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
More Details

I'll need some more details like what OS you're running, 32-bit or 64-bit, what malware package, etc so I can reproduce the issue. It works out of the box on Windows 7 and later, both 32 and 64-bit. I tested them all. But if you're configured differently, it could fail.

Sometimes, the impossible can become possible, if you're awesome!

PortableGood
Offline
Last seen: 3 months 1 week ago
Joined: 2014-10-06 11:51
Maybe a transient server issue?

Maybe it was a transient server issue? It seems to be working now.

Separately, I changed firewall settings to only allow port 443 (instead of 80 and 443) for the PortableApps.com Platform.

When I do this, I get the following error:

---------------------------
PortableApps.com Platform
---------------------------
Unable to download the file. This could be due to a proxy or network issue or the hosting server not permitting downloads from your location.

I got that error when trying to update the classic version of Eraser via the PortableApps.com platform.

If I also allow port 80 for the PortableApps.com platform, the error goes away.

It seems like if everything is using HTTPS, port 80 would no longer be used. Maybe something in the PortableApps.com Platform is still relying on HTTP?

John T. Haller
John T. Haller's picture
Offline
Last seen: 9 hours 2 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Should Be, SourceForge

I checked the updater database and not all apps are yet updated to our newest links. I updated Eraser Classic Portable and it should be https all the way through now. If it's not, SourceForge may redirect the https://downloads.sourceforge.net/... links to http and back on route to the mirrors. Please give Eraser a try to for you.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments