-
28th March 19, 04:27 PM
#1
Website not secure
Just got a “ website not secure “ warning, about this website, from my browser.
Any thing to be concerned about?
waulk softly and carry a big schtick
-
-
28th March 19, 05:06 PM
#2
No, nothing to be concerned about. This is a new thing that is popping up.
It has to do with a certificate that e-commerce sites are converting to.
As X Marks is not an e-commerce site we have not felt a need to convert over to this type of site.
For now, just ignore the message. We may convert at some later date and we will make an announcement before we do.
-
-
28th March 19, 06:42 PM
#3
Steve............A few minutes ago, while trying to post a comment, I hit the the Preview Post button. For a split second (literally), I saw a white screen, with WARNING followed by other words. Is this part of the same "Nothing to be concerned about"? .
Cheers,
Steve
"I can draw a mouse with a pencil, but I can't draw a pencil with a mouse"
-
-
29th March 19, 11:37 AM
#4
As I said before this is a fairly recent addition to browsers like Chrome and Firefox. It is your browser, not X Marks, that is displaying the "not secure" message.
This message does not mean that there is anything wrong with X Marks.
The new addition on browsers looks for the difference between sites that use the http protocol v.s. those that use the https protocol. Any page with a website address starting with "http:// v.s. "https:// will cause the browser to display the “Not Secure” warning.
The additional 's' in https stands for 'secure' and denotes that the site has purchased an SSL certificate. An SSL (Secure Sockets Layer) certificate then installs a code on the website which activates an encryption 'padlock' between the site and a customer. This padlock adds an additional level of security for those sites which transmit sensitive data such as credit card numbers, payments and payment information between a site and a customer. Sort of like a secure or encrypted telephone, like those used in the Pentagon, v.s. a regular phone in your home.
Amazon is an https site.
I have spoken to kiltedcodewarrior about this and he advises, that while we could purchase an SSL certificate, it does not really give us any added features or security for an on-line forum where no credit card information or payments are transmitted between X Marks and our members.
But yes, I will probably be forced to purchase an SSL certificate, in the near future, just to end the "not secure" being displayed and our members becoming concerned.
-
The Following User Says 'Aye' to Steve Ashton For This Useful Post:
-
5th April 19, 01:29 PM
#5
Originally Posted by Steve Ashton
I have spoken to kiltedcodewarrior about this and he advises, that while we could purchase an SSL certificate, it does not really give us any added features or security for an on-line forum where no credit card information or payments are transmitted between X Marks and our members.
But yes, I will probably be forced to purchase an SSL certificate, in the near future, just to end the "not secure" being displayed and our members becoming concerned.
Beyond the minor annoyance of newer browsers displaying warnings, the other reason you might consider installing a security certificate is to fully encrypt our login credentials. A lot of people will use the same password or two across many different platforms and non-encrypted traffic is fairly trivial to sniff and parse, which means cracking a password on one site can lead to a malicious actor being able to access many, if not all, other sites/services that person uses.
Looking at the website's code, it is apparently doing an MD5 hash (encryption) of the password when you click the "Log in" button, which means the passwords at least aren't being sent as plain-text. However, while MD5 is not a directly reversible algorithm, its long history and known limitations/problems make it relatively easy to crack MD5-encrypted strings, especially on modern hardware which can calculate 10s-100s of millions of MD5 hashes per second.
Last edited by TheGratefulNed; 5th April 19 at 02:21 PM.
Verbing weirds language.
-
-
7th April 19, 11:17 AM
#6
I seem to remember this coming up a while ago and it is a salutary lesson for everyone not to use the same password across websites.
-
-
29th March 19, 11:39 AM
#7
Originally Posted by Baeau
Steve............A few minutes ago, while trying to post a comment, I hit the the Preview Post button. For a split second (literally), I saw a white screen, with WARNING followed by other words. Is this part of the same "Nothing to be concerned about"? .
Cheers,
Steve
No, I do not believe your white screen is part of the same thing. I am not sure what you saw.
-
-
29th March 19, 11:48 AM
#8
That's two of us, that aren't sure what I saw. This moment, I hit Preview Post. No white screen. All is normal. The sky isn't falling. Thanks for the SSL Certificate explaination.
"I can draw a mouse with a pencil, but I can't draw a pencil with a mouse"
-
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks