 |
By (user no longer on site) OP
over a year ago
|
Can we have HTTPS access to the site? It wouldn't cost too much to buy a certificate and it would protect us from having the content, including user name and password, being snooped on.
Thanks. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
Also this standard is now being surpassed: Make sure the top left part of the address turns green when using Firefox or Opera.
This means it is using an EV certificate - bascially even stronger protection. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
"Can we have HTTPS access to the site? It wouldn't cost too much to buy a certificate and it would protect us from having the content, including user name and password, being snooped on.
Thanks."
I'm no techy - but as a free site what's to stop anyone joining up, logging on ti the site via https - and snioping away to their hearts content?
You can already stop non-members viewing and your profile showing via google searches.
Not sure how you'd stop another member seeing (and potentially copying content of) any profiles?  |
Reply privately, Reply in forum +quote
or View forums list | |
https (sometimes referred to as secure, or SSL/TLS) isn't about protecting your information online.
It's about protecting your communication between you and the server that hosts the site.
If you are out and about and using a mobile hotspot in say Starbucks (very racy) or even on 3G data on a smartphone, any information you send to the server is sent unencrypted without https (i.e. over http).
Now think about the things you send in messages, do you want that information sent that way? no, definitely not.
The same when you log onto the site, it means that you username and password could be sent in plain text (for the initiated its probably hashed but if like most sites they haven't changed from the standard MD5 hash algorithm, its effectively plain text)
What this means is that if someone were to be malicious, your communications and your FAB account details are much more easily hackable than without https.
Hope that helps.
PS: EV or Extended Verification certs are much more (i.e. 5 times as much) expensive and they are no more secure than a standard certificate. It is however something more visible then the usual padlock symbol used in most browsers.
|
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
"https (sometimes referred to as secure, or SSL/TLS) isn't about protecting your information online.
It's about protecting your communication between you and the server that hosts the site.
If you are out and about and using a mobile hotspot in say Starbucks (very racy) or even on 3G data on a smartphone, any information you send to the server is sent unencrypted without https (i.e. over http).
Now think about the things you send in messages, do you want that information sent that way? no, definitely not.
The same when you log onto the site, it means that you username and password could be sent in plain text (for the initiated its probably hashed but if like most sites they haven't changed from the standard MD5 hash algorithm, its effectively plain text)
What this means is that if someone were to be malicious, your communications and your FAB account details are much more easily hackable than without https.
Hope that helps.
PS: EV or Extended Verification certs are much more (i.e. 5 times as much) expensive and they are no more secure than a standard certificate. It is however something more visible then the usual padlock symbol used in most browsers.
"
So effectively wouldn't stop anyone nicking pics or profile details - just make signing in and messaging more secure?
Thanks! |
Reply privately, Reply in forum +quote
or View forums list | |
Obi Haive (Ooooh Matron?)
Essentially yes, that right. Of course if everything were https then viewing images, uploading etc, should all be encrypted too. Theoretically, so too would the forums and chat also. |
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
"Can we have HTTPS access to the site? It wouldn't cost too much to buy a certificate and it would protect us from having the content, including user name and password, being snooped on.
Thanks."
 |
Reply privately, Reply in forum +quote
or View forums list | |
"https (sometimes referred to as secure, or SSL/TLS) isn't about protecting your information online.
It's about protecting your communication between you and the server that hosts the site.
If you are out and about and using a mobile hotspot in say Starbucks (very racy) or even on 3G data on a smartphone, any information you send to the server is sent unencrypted without https (i.e. over http).
Now think about the things you send in messages, do you want that information sent that way? no, definitely not.
The same when you log onto the site, it means that you username and password could be sent in plain text (for the initiated its probably hashed but if like most sites they haven't changed from the standard MD5 hash algorithm, its effectively plain text)
What this means is that if someone were to be malicious, your communications and your FAB account details are much more easily hackable than without https.
Hope that helps.
PS: EV or Extended Verification certs are much more (i.e. 5 times as much) expensive and they are no more secure than a standard certificate. It is however something more visible then the usual padlock symbol used in most browsers.
So effectively wouldn't stop anyone nicking pics or profile details - just make signing in and messaging more secure?
Thanks! "
It encrypts the traffic between the server and your device. So, unless I can install a listening device in that circuit, what you send/receive is secure from me. |
Reply privately, Reply in forum +quote
or View forums list | |
» Add a new message to this topic
