8 Guests, 0 Users

Author Topic: PCCA Site Security  (Read 857 times)

0 Members and 1 Guest are viewing this topic.

Offline Wittsend

  • Pinto Master
  • *****
  • Posts: 2260
  • FeedBack: +241/-0

  • Total Badges: 8
    Badges: (View All)
    Tenth year Anniversary Mobile User Topic Starter Poll Voter 1000 Posts Linux User Windows User Fifth year Anniversary
PCCA Site Security
« on: May 12, 2018, 12:08:16 PM »
I've noticed that the PCCA (and some other car based sites I frequent) do not have the Lock icon and the words SECURED in the address bar [/size]http://www.fordpinto.com/index.php[/color][/size]. Is this something that slips by un-noticed? Is there a reason for this? Is it a cause for concern?[/color][/size]I looked over at the Allpar site (huge Chrysler based website) and they do have the Lock and words secure https://www.allpar.com/index.php . So, just wondering???[/size]

Offline dga57

  • Chief Moderator / Admin
  • FordPinto.com Moderator
  • Pinto PooBAH
  • ***
  • Posts: 6864
  • FeedBack: +208/-0
  • Gender: Male

  • Total Badges: 8
    Badges: (View All)
    Tenth year Anniversary Topic Starter Signature Poll Voter Mobile User Windows User 1000 Posts Fifth year Anniversary
Re: PCCA Site Security
« Reply #1 on: May 12, 2018, 04:54:21 PM »
I've noticed that the PCCA (and some other car based sites I frequent) do not have the Lock icon and the words SECURED in the address bar http://www.fordpinto.com/index.php. Is this something that slips by un-noticed? Is there a reason for this? Is it a cause for concern?I looked over at the Allpar site (huge Chrysler based website) and they do have the Lock and words secure https://www.allpar.com/index.php . So, just wondering???

Address that concern directly to Scott Hamilton by way of a Personal Message.  There may be some reason he hasn't gone that route, but I truly don't know.

Dwayne
Pinto Car Club of America - Serving the Ford Pinto enthusiast since 1999.

Offline Cookieboystoys

  • Eater of Cookies
  • PCCA Management Board
  • Pinto Master
  • ******
  • Posts: 2238
  • FeedBack: +59/-1
  • Gender: Male
  • It's All About The Pinto's! Baby!
    • Cookieboy's Toys on Facebook

  • Total Badges: 8
    Badges: (View All)
    Signature Topic Starter Poll Voter Photographer Windows User 1000 Posts Webmaster Fifth year Anniversary
Re: PCCA Site Security
« Reply #2 on: May 17, 2018, 04:06:49 PM »
I don't consider it a concern for forums in general unless... you are making purchases, using credit cards or bank info

read more about https vs http here.

https://www.instantssl.com/ssl-certificate-products/https.html

the nutshell....

Why Is an SSL Certificate Required?
All communications sent over regular HTTP connections are in 'plain text' and can be read by any hacker that manages to break into the connection between your browser and the website. This presents a clear danger if the 'communication' is on an order form and includes your credit card details or social security number. With a HTTPS connection, all communications are securely encrypted. This means that even if somebody managed to break into the connection, they would not be able decrypt any of the data which passes between you and the website.

Benefits of Hypertext Transfer Protocol Secure
The major benefits of a HTTPS certificate are:

Customer information, like credit card numbers, is encrypted and cannot be intercepted
Visitors can verify you are a registered business and that you own the domain
Customers are more likely to trust and complete purchases from sites that use HTTPS
It's all about the Pintos! Baby!

Offline 65ShelbyClone

  • Pinto Sr. Member
  • ****
  • Posts: 725
  • FeedBack: +139/-0
  • Soylent Green

  • Total Badges: 7
    Badges: (View All)
    Fifth year Anniversary Topic Starter Signature Poll Voter Mobile User Linux User Windows User
Re: PCCA Site Security
« Reply #3 on: May 20, 2018, 03:14:45 PM »
I don't consider it a concern for forums in general unless... you are making purchases, using credit cards or bank info

I might agree if at least the login page was over HTTPS, but I just checked and it's not secured either.

Having a forum account compromised would allow an attacker to access all the account's information and messages which could contain personal or sensitive information. It could also open the door for an attacker to find and compromise someone's other accounts, especially if that person is careless and uses the same or similar passwords in other places. Granted that is poor practice on the user's part, but it wouldn't be their fault that the hole was opened in the first place.

I don't think forum posts necessarily need to be transmitted securely because they land in a public-facing space and should not contain anything the poster wants to keep private anyway. But that login page...
'72 Runabout - 2.3T, T5, MegaSquirt-II, 8", 5-lugs, big brakes.
'68 Mustang - Built roller 302, Toploader, 9", etc.