TAFKARM Posted January 25, 2017 Share Posted January 25, 2017 I'm no techie, but just checking we don't potentially have the same issue? http://www.pistonheads.com/gassing/topic.asp?h=0&f=209&t=1576172 http://www.pistonheads.com/gassing/topic.asp?h=0&f=24&t=1648392 Quote Link to comment Share on other sites More sharing options...
Nick Algar - Competition Secretary Posted January 25, 2017 Share Posted January 25, 2017 Thanks Russ and interesting read. I'm sure our webmaster will answer soon ? Quote Link to comment Share on other sites More sharing options...
bigron Posted January 25, 2017 Share Posted January 25, 2017 It doesn't look to be implemented on here. This isn't always a problem but my issue is with the sign in page which is also not secured by ssl/tls, so credentials from your browser to the site are sent in the clear. The chances of someone actually collecting the data is probably small but the risk still exists. Quote Link to comment Share on other sites More sharing options...
Dave Eastwood (Gadgetman) - Club Chairman Posted January 26, 2017 Share Posted January 26, 2017 The webmaster is aware of the thread. It's not my area of expertise, (I can knock an old fashioned style site together with Dreamweaver and Flash, but that's my limit!) So I can really add any comments of my own. Quote Link to comment Share on other sites More sharing options...
TAFKARM Posted January 26, 2017 Author Share Posted January 26, 2017 Thanks - my big concern is security of the "only you can see these details! Understand?" Data that sits in our profile. I'll await response from on high, but thought best raise a possible vulnerability. Quote Link to comment Share on other sites More sharing options...
Kingster Posted January 26, 2017 Share Posted January 26, 2017 I'm aware of this and will look into it. Quote Link to comment Share on other sites More sharing options...
Kingster Posted January 26, 2017 Share Posted January 26, 2017 2 hours ago, RussH said: Thanks - my big concern is security of the "only you can see these details! Understand?" Data that sits in our profile. I'll await response from on high, but thought best raise a possible vulnerability. The issue raised is to do with "packet sniffing" - so someone intercepting the network traffic when they are on the same network as you (like McDonalds/Airport/Office/Hotel wifi). Your details are secure unless someone hacks your account - and while it is technically possible for someone to intercept your email and password using a packet sniffer like WireShark, it is pretty unlikely. The issue was raised on PH a year ago and there's no news of mass attacks on there as far as I can see? User passwords are stored in an encrypted format, so even I can't see them. Personally - I don't use the same password for my bank etc as I do on forums or other public access sites and I change them every now and then despite the pain of remembering them all. However, I'll talk to the Committee about implementing SSL on the server as our Member's data integrity is obviously very important. 3 Quote Link to comment Share on other sites More sharing options...
TAFKARM Posted January 26, 2017 Author Share Posted January 26, 2017 Thanks Chris Quote Link to comment Share on other sites More sharing options...
Kingster Posted February 14, 2017 Share Posted February 14, 2017 We now have SSL logins and an A rating on SSL labs you can put your details back in now @RussH so we can deliver your Club Mag! 2 Quote Link to comment Share on other sites More sharing options...
TAFKARM Posted February 14, 2017 Author Share Posted February 14, 2017 Thanks Chris - amazing work considering how long it's taken those PH muppets Quote Link to comment Share on other sites More sharing options...
Kingster Posted February 14, 2017 Share Posted February 14, 2017 Thank Adrian for the effort all I did was prod him! As he set the server up I left it to him. Moving forward I'll be taking over more and more though Quote Link to comment Share on other sites More sharing options...
Captain Colonial Posted February 14, 2017 Share Posted February 14, 2017 Yes, my thanks to Ade and Chris for all they do, including this. Moving to this wasn't free and the risk was extremely minimal, but the cost was worth it to keep members feeling safe and secure about their personal details. I'd like to add the club has never suffered a security breach with member info. Of course, I know where you all live, and I know what some of you did last summer, so there's always me to worry about instead... 1 Quote Link to comment Share on other sites More sharing options...
XTR2Turbo Posted February 14, 2017 Share Posted February 14, 2017 well done Chris and Ade. David Quote Link to comment Share on other sites More sharing options...
B.RAD Posted February 14, 2017 Share Posted February 14, 2017 Top work, thanks chaps And thanks Russ for flagging, you're my hero x Quote Link to comment Share on other sites More sharing options...
John Loudon - Sponsorship Liaison Posted February 15, 2017 Share Posted February 15, 2017 Since this was implemented I have been inundated with spam email. Is this coincidence or a possible link? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.