I get that symbol in the URL window that suggests this site is not secure. Does that mean some certificate has lapsed? I don't necessarily freak out about "security" as a site like this. I don't drop my credit card number in here, and I don't think I used my birthdate, etc. to set up an account. But sometimes it means the people who own it or operate it have run to the hills. Or they frozen in at the top of the hills above southern california where people have been snowed in. Just curious.
Mike Todd
Site security
-
dedalus5550
- Posts: 1018
- Joined: Wed Apr 01, 2009 9:35 pm
- Location: Long Beach
Site security
Memo to Mark Twain: But what if we have too many adults acting like babies?
Re: Site security
Maybe just certificate is out of date......happened on a model car site I visit last month.....
Re: Site security
It looks to me like it's just that SSM doesn't force your connection to be done via https. If I add that in front of the site address in the URL bar, I get the lock symbol that I see on most other sites (Banking, news, etc). I don't know much about website/forum hosting, but I assume there's probably a box unticked somewhere which would force any connections to run via https.
Re: Site security
You can use the https:// and get a 'secure' connection but you won't see the lock icon as the site is allowing insecure content - in my case my profile avatar - to be loaded.
IIRC, there is a way for phpBB to force all content to be secure but I'd need to check
Eric
IIRC, there is a way for phpBB to force all content to be secure but I'd need to check
Eric
-
Bellerophon
- Posts: 2621
- Joined: Fri Oct 16, 2009 10:00 pm
- Location: 13 miles southwest of Grovers Mill
- Contact:
Re: Site security
Funny, I just did as you suggested aitala, adding the s, and I do see the lock icon in the URL bar.
So what's the risk here? Just spammers getting accounts and posting malicious links, or is there something else?
So what's the risk here? Just spammers getting accounts and posting malicious links, or is there something else?
Re: Site security
IIRC, a malicious actor could intercept/read any information traveling between the SSM forum servers and your computer. EG if your forum password happens to be the same as another password (like the SSM store) they could access that account with the intercepted password.Bellerophon wrote: ↑Fri Mar 10, 2023 11:55 am Funny, I just did as you suggested aitala, adding the s, and I do see the lock icon in the URL bar.
So what's the risk here? Just spammers getting accounts and posting malicious links, or is there something else?
Given that these are just forums and there's no payment involved anywhere, I think that password stealing would be the only risk here.