Jump to content

Recommended Posts

Posted

Thanks Russ and interesting read. I'm sure our webmaster will answer soon ?

Posted

It doesn't look to be implemented on here. This isn't always a problem but my issue is with the sign in page which is also not secured by ssl/tls, so credentials from your browser to the site are sent in the clear. The chances of someone actually collecting the data is probably small but the risk still exists. Screenshot_20170125-224823.png

Posted

The webmaster is aware of the thread. It's not my area of expertise, (I can knock an old fashioned style site together with Dreamweaver and Flash, but that's my limit!) So I can really add any comments of my own.

Posted

Thanks - my big concern is security of the "only you can see these details! Understand?" Data that sits in our profile. 

I'll await response from on high, but thought best raise a possible vulnerability. 

Posted

I'm aware of this and will look into it. 

Posted
2 hours ago, RussH said:

Thanks - my big concern is security of the "only you can see these details! Understand?" Data that sits in our profile. 

I'll await response from on high, but thought best raise a possible vulnerability. 

The issue raised is to do with "packet sniffing" - so someone intercepting the network traffic when they are on the same network as you (like McDonalds/Airport/Office/Hotel wifi).

Your details are secure unless someone hacks your account - and while it is technically possible for someone to intercept your email and password using a packet sniffer like WireShark, it is pretty unlikely. The issue was raised on PH a year ago and there's no news of mass attacks on there as far as I can see?

User passwords are stored in an encrypted format, so even I can't see them. Personally - I don't use the same password for my bank etc as I do on forums or other public access sites and I change them every now and then despite the pain of remembering them all.

However, I'll talk to the Committee about implementing SSL on the server as our Member's data integrity is obviously very important.

  • Like 3
Posted

Thanks Chris :)

  • 3 weeks later...
Posted

We now have SSL logins and an A rating on SSL labs

you can put your details back in now @RussH so we can deliver your Club Mag!

  • Like 2
Posted

Thanks Chris - amazing work considering how long it's taken those PH muppets

Posted

Thank Adrian for the effort all I did was prod him!

As he set the server up I left it to him. Moving forward I'll be taking over more and more though :t-up:

Posted

Yes, my thanks to Ade and Chris for all they do, including this. :t-up:

Moving to this wasn't free and the risk was extremely minimal, but the cost was worth it to keep members feeling safe and secure about their personal details.  I'd like to add the club has never suffered a security breach with member info.

Of course, I know where you all live, and I know what some of you did last summer, so there's always me to worry about instead... :devil::p :laugh:

  • Like 1
Posted

well done Chris and Ade.

David

Posted

Top work, thanks chaps :t-up:

And thanks Russ for flagging, you're my hero x

Posted

Since this was implemented I have been inundated with spam email. Is this coincidence or a possible link?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

Please review our Terms of Use, Guidelines and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.