PINTO CAR CLUB of AMERICA

Shiny is Good! => General Pinto Talk => Topic started by: Wittsend on May 12, 2018, 12:08:16 PM

Title: PCCA Site Security
Post by: Wittsend on May 12, 2018, 12:08:16 PM
I've noticed that the PCCA (and some other car based sites I frequent) do not have the Lock icon and the words SECURED in the address bar [/size]http://www.fordpinto.com/index.php (http://www.studebakerdriversclub.com/index.asp)[/color][/size]. Is this something that slips by un-noticed? Is there a reason for this? Is it a cause for concern?[/color][/size]I looked over at the Allpar site (huge Chrysler based website) and they do have the Lock and words secure https://www.allpar.com/index.php (https://www.allpar.com/index.php) . So, just wondering???[/size]
Title: Re: PCCA Site Security
Post by: dga57 on May 12, 2018, 04:54:21 PM
I've noticed that the PCCA (and some other car based sites I frequent) do not have the Lock icon and the words SECURED in the address bar http://www.fordpinto.com/index.php (http://www.studebakerdriversclub.com/index.asp). Is this something that slips by un-noticed? Is there a reason for this? Is it a cause for concern?I looked over at the Allpar site (huge Chrysler based website) and they do have the Lock and words secure https://www.allpar.com/index.php (https://www.allpar.com/index.php) . So, just wondering???

Address that concern directly to Scott Hamilton by way of a Personal Message.  There may be some reason he hasn't gone that route, but I truly don't know.

Dwayne
Title: Re: PCCA Site Security
Post by: Cookieboystoys on May 17, 2018, 04:06:49 PM
I don't consider it a concern for forums in general unless... you are making purchases, using credit cards or bank info

read more about https vs http here.

https://www.instantssl.com/ssl-certificate-products/https.html (https://www.instantssl.com/ssl-certificate-products/https.html)

the nutshell....

Why Is an SSL Certificate Required?
All communications sent over regular HTTP connections are in 'plain text' and can be read by any hacker that manages to break into the connection between your browser and the website. This presents a clear danger if the 'communication' is on an order form and includes your credit card details or social security number. With a HTTPS connection, all communications are securely encrypted. This means that even if somebody managed to break into the connection, they would not be able decrypt any of the data which passes between you and the website.

Benefits of Hypertext Transfer Protocol Secure
The major benefits of a HTTPS certificate are:

Customer information, like credit card numbers, is encrypted and cannot be intercepted
Visitors can verify you are a registered business and that you own the domain
Customers are more likely to trust and complete purchases from sites that use HTTPS
Title: Re: PCCA Site Security
Post by: 65ShelbyClone on May 20, 2018, 03:14:45 PM
I don't consider it a concern for forums in general unless... you are making purchases, using credit cards or bank info

I might agree if at least the login page was over HTTPS, but I just checked and it's not secured either.

Having a forum account compromised would allow an attacker to access all the account's information and messages which could contain personal or sensitive information. It could also open the door for an attacker to find and compromise someone's other accounts, especially if that person is careless and uses the same or similar passwords in other places. Granted that is poor practice on the user's part, but it wouldn't be their fault that the hole was opened in the first place.

I don't think forum posts necessarily need to be transmitted securely because they land in a public-facing space and should not contain anything the poster wants to keep private anyway. But that login page...