• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Website login is http: NOT https:

T

tk149

Diamond Member
Our company website has a login section for certain sections. I just noticed that after logging in, the address bar shows "http", not "https". Also, the little "padlock" thingie is missing.

There's information in there that our competitors would probably like to know, but no e-commerce goes through the site.

Is this a problem?

(no, I'm not giving out the website address)
 
Originally posted by: tfinch2
Did you try to navigate to <a target=_blank class=ftalternatingbarlinklarge href="https://www.yoursite.com/whatever?"><a target=_blank class=ftalternatingbarlinklarge href="https://www.yoursite.com/whatever?">https://www.yoursite.com/whatever?</a></a>

If that works, redirect http to https
Click to expand...

I don't understand what you mean. I have almost no programming experience.

I tried manually changing the "http" to "https" on the page after the login:

http://www.xxxxxxxxxxx.com/html/dealer/index.htm

changed to:

https://www.xxxxxxxxxxx.com/html/dealer/index.htm

and got a Certificate expired pop-up box. Then I clicked OK, and got a "Page not found" error.

I emailed the person in charge of the website, and found that she has no idea what SSL is.
 
Originally posted by: tk149
Originally posted by: JBT
Its possible to be secure with out it, but from the sounds of it probably not...
Click to expand...

So how easy would it be to break into the website?
Click to expand...

Depends on how how valuable the information is, and how much the hacker is being paid for said information.
 
Just because SSL isn't enabled doesn't mean anyone could have easy access to your information, it just means that if someone really wanted it, they'd be able to get it.
 
Originally posted by: KLin
Originally posted by: tk149
Originally posted by: JBT
Its possible to be secure with out it, but from the sounds of it probably not...
Click to expand...

So how easy would it be to break into the website?
Click to expand...

Depends on how how valuable the information is, and how much the hacker is being paid for said information.
Click to expand...

not to mention how much easier the login passwords are to hack.

The real reason behind SSL is to encrypt the data going back and forth. When a user logs in over an http connection, his username and password are being transmitted in plain text. Technically, that makes it possible for some one to "read" what's being sent.
Please feel free to correct me if I'm off base on this though anyone 🙂
 
SSL means *NOTHING* with regards to the security of the information that's stored on your server. SSL is used to encrypt data as it moves over the wire from the server to your computer, so that it can't be read in transit.

SSL prevents other people from lsitening to the data that your webserver sends out. It doesn't help to prevent them from hacking your server.
 
Sounds to me like it's working fine. Whoever designed it wanted logins/passwords to be sent over an encrypted line (SSL). Once the login is complete they are no longer concerned about sending the data through SSL. This is fine, a site can run much slower through ssl so if the data being transmitted isn't sensitive then there's no reason to use SSL
 
If the site uses frames, it is possible that the page is encrypted and the lock not show on browser window. The page containing the master fameset is not encrypted, but the page within one of the frames is encrypted (could be a Login screen). You can right click in any particular frame (in IE) and look at the page properties to see if it is using SSL.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top