• We're giving away a Cyclingnews water bottle! Find out more here!

Site security - SSL

Status
Not open for further replies.
Sep 12, 2016
334
0
0
When you visit the site you get to see a message that claims CyclingNews values my privacy and offers me options to turn certain cookies on or off. I think this is a good step towards becoming a privacy-friendly and secure website.

I think you should seriously consider implementing SSL (https) in both the website and the forums. At this moment when you log in to the forums, this goes through an unsecure connection, making the complete website and its users' credentials vulnerable to even the simplest attacks. My suggestion is to set up SSL and force this for every visitor of CN. This is, luckily, no rocket science to do and is IMHO one of the most basic security measures for a site, especially CN given its size and popularity.
 
Sep 6, 2012
92
0
8,680
The site owners seem to not care. I mentioned it over a year ago that they are sending forum logins unsecured, figuring it was an accidental site setup goof (viewtopic.php?f=11&t=33165). Think I e-mailed some site contacts back then too.

Maybe the angle that non-SSL allows intermediates like ISPs to strip out / replace page content (like putting in their own ads or referrer links) is better motivation for the site landlords?
 
Re:

mojomonkey said:
The site owners seem to not care. I mentioned it over a year ago that they are sending forum logins unsecured, figuring it was an accidental site setup goof (viewtopic.php?f=11&t=33165). Think I e-mailed some site contacts back then too.

Maybe the angle that non-SSL allows intermediates like ISPs to strip out / replace page content (like putting in their own ads or referrer links) is better motivation for the site landlords?
I remember the comments that you posted and I tried to move it up the chain to the people that would actually be able to do something about it but it never was responded to and then the sale of immediate media/CN killed that idea. I will propose it again and hope that with a new regime in place, they might have a different philosophy wrt website security.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS