• The Cycling News forum is looking to add some volunteer moderators with Red Rick's recent retirement. If you're interested in helping keep our discussions on track, send a direct message to @SHaines here on the forum, or use the Contact Us form to message the Community Team.

    In the meanwhile, please use the Report option if you see a post that doesn't fit within the forum rules.

    Thanks!

Site security - SSL

Toggle sidebar Toggle sidebar
Status
Not open for further replies.
W

wouterkaas

Sep 12, 2016
441
0
0
Visit site
When you visit the site you get to see a message that claims CyclingNews values my privacy and offers me options to turn certain cookies on or off. I think this is a good step towards becoming a privacy-friendly and secure website.

I think you should seriously consider implementing SSL (https) in both the website and the forums. At this moment when you log in to the forums, this goes through an unsecure connection, making the complete website and its users' credentials vulnerable to even the simplest attacks. My suggestion is to set up SSL and force this for every visitor of CN. This is, luckily, no rocket science to do and is IMHO one of the most basic security measures for a site, especially CN given its size and popularity.
 
M

mojomonkey

Sep 6, 2012
114
0
8,680
Visit site
The site owners seem to not care. I mentioned it over a year ago that they are sending forum logins unsecured, figuring it was an accidental site setup goof (viewtopic.php?f=11&t=33165). Think I e-mailed some site contacts back then too.

Maybe the angle that non-SSL allows intermediates like ISPs to strip out / replace page content (like putting in their own ads or referrer links) is better motivation for the site landlords?
 
Irondan

Irondan

Apr 30, 2014
9,605
393
22,381
www.cyclingnews.com
Re:

mojomonkey said:
The site owners seem to not care. I mentioned it over a year ago that they are sending forum logins unsecured, figuring it was an accidental site setup goof (viewtopic.php?f=11&t=33165). Think I e-mailed some site contacts back then too.

Maybe the angle that non-SSL allows intermediates like ISPs to strip out / replace page content (like putting in their own ads or referrer links) is better motivation for the site landlords?
Click to expand...
I remember the comments that you posted and I tried to move it up the chain to the people that would actually be able to do something about it but it never was responded to and then the sale of immediate media/CN killed that idea. I will propose it again and hope that with a new regime in place, they might have a different philosophy wrt website security.
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom