Please secure this forum

  • Please secure this forum

    Please enable HTTPS for this forum, it's basic "101 Security and Privacy" for any website these days.

    Cheers,
    Taomyn

  • #2
    Over a year and no-one seems to care about security

    Come on guys, an SSL certificate for this site is free these days.


    • #3
      I'll mention it in the next meeting, but I don't see why we need to; there are many other forums that don't use https.
      The Singularity profile - One profile to rule them all and at HCS we bound them

      You see, TheThingIs, eventually you'll be allright.


      • #4
        Well I'll remind you when someone either has their account stolen and spams the lot of us, or steals the credentials for an admin account and deletes the whole forum. Remember if you ever get onto the radar of GDPR you'll also be fined.


        • #5
          Taomyn Have to agree with you on this one. I didn't say anything previously because I have to boss people around about this stuff as part of my day job in Compliance (in the US). I only recently started playing Elite and using HCS, so wasn't here to see your original post.

          TheThingIs -- It's 2018; SSL is the bare minimum regardless of what type of site is being run. No SSL means login credentials are being passed as plaintext; that's generally a bad idea. Generally, people also tend to use the same username & password combos across sites / services. Add the two issues together, and it's not a stretch to see a malicious actor easily compromising the HCS forum and from there being able to compromise HCS' storefront, or worse, other connected services (imagine if they got HCS credentials for sendowl, and deleted every customer's receipt / list of links for their voice packs?).

          While the unfortunate reality is that everybody is probably going to get hacked at some point, it doesn't mean we need to make it easy for malicious actors to do it....

          Some reference material / bedtime reading:
          https://www.globalsign.com/en/blog/b...always-on-ssl/

          https://blog.nexcess.net/2014/09/03/...ing-ssl-https/
