Important: These forums are for discussions between SkyDemon users. They are not routinely monitored by SkyDemon staff so any urgent issues should be sent directly to our Customer Support.

SSL for Website and Forums


jokoenig
Too Much Forum (2.8K reputation)
Group: Forum Members
Posts: 29, Visits: 32
Dear Tim & Team,

I've noticed that the website's and forums' settings are not completely state of the art when it comes to encryption. There are potential points of improvement I've found:

- The website has an SSL certificate, which is good. However, visitors are not forwarded automatically to the encrypted version
- The forums do not have encryption at all

Especially since you're dealing with personal data and logins, this is a potential security risk. However, implementing a baseline of security is not much effort at all. All you need is a certificate for the forums page and an automatic redirection for both pages. Free SSL certificates can be obtained from Let's Encrypt for example.

If you want to make a game out of it: Try to improve your grade for both sites on https://observatory.mozilla.org . Once you've started, it's actually quite funny to see the score rising :-)

Best Regards
jk

Tim Dawson
SkyDemon Team (480K reputation)
Group: Moderators
Posts: 5.8K, Visits: 4.4K
We incorporate encryption on our website everywhere that any personal or financial details are entered. This is standard practice. While we could encrypt every single piece of traffic, there is no tangible benefit in doing so.

These forums are hosted by a third party, are not designed for any personal or transactional information and I do not believe there are any plans to encrypt them.

jokoenig
Too Much Forum (2.8K reputation)
Group: Forum Members
Posts: 29, Visits: 32
Tim Dawson - 12/10/2018 11:20:28 AM
We incorporate encryption on our website everywhere that any personal or financial details are entered. This is standard practice. While we could encrypt every single piece of traffic, there is no tangible benefit in doing so.

These forums are hosted by a third party, are not designed for any personal or transactional information and I do not believe there are any plans to encrypt them.


Tim,
saying that "encrypting only where it's needed is standard practice" is actually a very bad practice and is far away from a standard you want to follow. That was standard practice back in the days when people used paper maps and got their weather report via telefax.
There's actually not a single valid argument against encrypting by default.

By the way, just two examples of non-encrypted pages which collect personal data:
- http://skydemon.aero/start/ (e-mail address)

The fact that your forums provider doesn't offer transport layer security even though people are typing in e-mail addresses and passwords is actually a security nightmare waiting for disaster.

From a professional standpoint, I strongly advise you to enable SSL/TLS on all web resources you're running, along with other standard security practices such as HSTS, CSP, Secure Cookies, ...
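
The checks named in the post above (automatic redirect to HTTPS, HSTS, CSP, Secure cookies), as an added example that is not part of the original post: a small offline audit over constructed response headers. The host `example.test`, the function names, the finding labels and the 180-day HSTS threshold are assumptions made for this example.

```python
from urllib.parse import urlsplit

MIN_HSTS_MAX_AGE = 15552000  # 180 days; threshold assumed for this example

def hsts_max_age(value):
    """Return max-age from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            return int(arg.strip('"'))
    return None

def audit(host, http_resp, https_resp):
    """Each response is (status, [(header, value), ...]); returns findings."""
    findings = []
    # 1. The plain-HTTP response must redirect to HTTPS on the same host.
    status, headers = http_resp
    location = next((v for k, v in headers if k.lower() == "location"), "")
    target = urlsplit(location)
    if (status not in (301, 302, 307, 308) or target.scheme != "https"
            or target.hostname != host):
        findings.append("no-https-redirect")
    # 2. The HTTPS response must carry HSTS and a CSP.
    _, headers = https_resp
    single = {k.lower(): v for k, v in headers if k.lower() != "set-cookie"}
    age = hsts_max_age(single.get("strict-transport-security", ""))
    if age is None:
        findings.append("hsts-missing")
    elif age < MIN_HSTS_MAX_AGE:
        findings.append("hsts-max-age-too-short")
    if "content-security-policy" not in single:
        findings.append("csp-missing")
    # 3. Every cookie must have the Secure attribute.
    for cookie in (v for k, v in headers if k.lower() == "set-cookie"):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append("cookie-not-secure:" + name)
    return findings

# Constructed sample responses (not captured from any real site).
WEAK_HTTP = (200, [("Content-Type", "text/html")])
WEAK_HTTPS = (200, [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
HARD_HTTP = (301, [("Location", "https://example.test/")])
HARD_HTTPS = (200, [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
])
```

Calling `audit("example.test", WEAK_HTTP, WEAK_HTTPS)` reports all four gaps, while the hardened pair returns an empty list.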

Tim Dawson
SkyDemon Team (480K reputation)
Group: Moderators
Posts: 5.8K, Visits: 4.4K
It's very kind of you to be so concerned with the way our website works. We will bear your feedback in mind.
