| Author |
 Topic  |
|
|
Nick Feakes
USA
3331 Posts |
 Posted - 28/03/2017 : 12:40:55
|
Some browsers have started giving a security warning when you log in.
This new feature is to warn you that the link with the website is not encrypted during the login process. Nothing has changed with our software and the information passed over the internet is only potentially vulnerable at the instant of login. I have looked into the possibility of having an https: for login (which is what that message is all about) but it is not possible to do that with our current server. I believe the risk is low and I therefore do not believe the complexity and cost of introducing this extra security is warranted given that there is no sensitive information held on the server that would be of use to a third party, your password is encrypted and even I cannot decode it.
Using any password in a public place increases the risk of hacking, particularly in places like internet cafes and airports, both electronic hacking or simply looking over your shoulder (much easier to do). If you suspect your password might have been compromised, log into your profile (top right corner of these pages) and change it. If you are unable to log in, contact me and I will reset your password for you.
Nick
Webmaster |
|
|
Bruce Sutherland
United Kingdom
1543 Posts |
Posted - 28/03/2017 : 15:20:55
|
Nick,
My knowledge about internet security is very limited, but if our website does not have the enhanced security
of having an https: for login does that not mean that a hacker could gain access and corrupt/destroy much/any of the data/discussions/pictures we have stored?
I seem to recall previous forum comments about the limitations of the current server. If improved website security is or becomes an issue, then this would prompt a change to both the server and to https: security.
Better sooner than later?
Bruce. (PB0564) |
Edited by - Bruce Sutherland on 28/03/2017 15:22:06 |
 |
|
|
Nick Feakes
USA
3331 Posts |
Posted - 28/03/2017 : 16:19:04
|
Bruce
No. The risk is a hacker might be able to get a member's password and then log in as that person. They could of course then make posts in that person's name but I can very quickly lock any account and delete anything inappropriate.
The database is held on a separate server so is not accessible directly. Even if they succeeded in obtaining access, all the passwords on the server are one way encrypted and cannot be deciphered.
The risk is really only present when the connection is over a public WiFi network, a home setup is secure because you need a password to get on to the system. Airport, Internet cafes etc are not secure, therein lies the most danger.
Nick
Webmaster |
|
|
|
Nick Feakes
USA
3331 Posts |
Posted - 29/03/2017 : 02:28:09
|
Further to my comments above, I am exploring the costs of moving to a secure server. There are several other steps along the way that cost some money, but we shall see.
Nick
Webmaster |
|
|
|
gordclark
Canada
170 Posts |
Posted - 06/04/2017 : 06:24:07
|
I have been subscribing to the MG Cars.org TD/TF forum for many years now and it has been hacked several times. Fortunately we have an excellent Webmaster there in Mike Plumstead who keeps a keen eye on things. Its pretty obvious when we get an interloper, and Mike stonewalls him immediately. To this day, this is not a secure site.
The point in all of this is, that a serious hacker will always be a step ahead of us. We are always reacting defensively, so I'm not convinced that a secure web-site is all that much good. If you're that worried, I suggest you set up a proxy server (like a sacrificial electrode), so that if it gets hacked, its not serious.
Gord Clark |
|
|
|
gordclark
Canada
170 Posts |
Posted - 06/04/2017 : 06:24:18
|
I have been subscribing to the MG Cars.org TD/TF forum for many years now and it has been hacked several times. Fortunately we have an excellent Webmaster there in Mike Plumstead who keeps a keen eye on things. Its pretty obvious when we get an interloper, and Mike stonewalls him immediately. To this day, this is not a secure site.
The point in all of this is, that a serious hacker will always be a step ahead of us. We are always reacting defensively, so I'm not convinced that a secure web-site is all that much good. If you're that worried, I suggest you set up a proxy server (like a sacrificial electrode), so that if it gets hacked, its not serious.
Gord Clark |
|
|
|
Widung
Sweden
189 Posts |
Posted - 06/04/2017 : 15:46:09
|
We are very lucky that we have such a competent webmaster!
Thanks for describing the possible consequences for us of hacking.
Please continue the good work!
Widung
PB0635 |
|
|
| |
Topic |
|
Forum Locked
Topic Locked
