Username
Password
Login is SSL protected. By clicking on "Log in Now" you agree to gixen.com terms of usage.


   SearchSearch     

Is Gixen site not secure?

 
Post new topic   Reply to topic    Gixen.com Forum Index -> Support
View previous topic :: View next topic  
Author Message
BADBOB22
Guest





PostPosted: Wed Nov 07, 2018 6:44 pm    Post subject: Is Gixen site not secure? Reply with quote

My address bar now says (Not secure) It use to say (https) in Gixen.
Whats up with that?

Thanks
Bob
Back to top
Cupid



Joined: 09 Aug 2007
Posts: 7575
Location: Bristol, UK

PostPosted: Thu Nov 08, 2018 6:37 am    Post subject: Reply with quote

Your credentials are sent securely, which is what matters.

If you have a Mirror subscription Gixen also keeps using the https (secure) protocol after you log in. If not it doesn't because hosting adverts precludes it's use, that doesn't make the site insecure though.

I don't think this has changed for a long time, if you are seeing a difference it's probably due to an update to your browser software, which browser do you use ?
_________________
Mark
Back to top
View user's profile Send private message
BADBOB22
Guest





PostPosted: Thu Nov 08, 2018 7:28 pm    Post subject: Reply with quote

Hey Mark I use Chrome. Im not great at computer stuff I just do what it says.
Its red and says do not enter passwords and stuff etc.
Im 99% sure it was secure (https) I hardly ever see this but on "girl" sites LOL.
As much as I use Gixen I would of noticed if it was Not secure before.

Thanks
Bob
Back to top
Cupid



Joined: 09 Aug 2007
Posts: 7575
Location: Bristol, UK

PostPosted: Fri Nov 09, 2018 1:35 am    Post subject: Reply with quote

The Gixen software hasn't changed Bob.

Your credentials are sent securely, and that is what matters. What I'm saying is, it is secure, when it needs to be.
_________________
Mark
Back to top
View user's profile Send private message
Gixen
Advertisements





PostPosted: Fri Nov 09, 2018 1:35 am    Post subject:

Back to top
Ramona
Guest





PostPosted: Sat Nov 10, 2018 9:24 am    Post subject: Reply with quote

It's not quite that simple - any HTTP connection is at risk (albeit small) of being intercepted and, for example, serving malware to the browser requesting the connection.

This is why all the major browsers are moving to a position where they are flagging up any non-HTTPS connection as "insecure".

The performance overhead of using HTTPS over HTTP is quite small, and there's really no good excuse for any web site not to be using (exclusively) HTTPS these days.
Back to top
anton
Guest





PostPosted: Sun Mar 31, 2019 5:12 am    Post subject: Reply with quote

As a software engineer I can confirm that what Ramona is saying is true. Something like a "man in the middle attack" is not that difficult to accomplish when non-secure communication takes place (even with a secured log-in layer), and since the service is potentially destructive in a monetary / eBay user rating sense, this should be taken seriously. There are enough trolls on the internet that would do this just for fun. I am a new subscriber (paid service) to Gixen and when I noticed the service isn't consistently using HTTPS, I decided to dive into the forum to find out why... In this day and age there is no good reason to not use HTTPS for this type of use case.
Back to top
Cupid



Joined: 09 Aug 2007
Posts: 7575
Location: Bristol, UK

PostPosted: Sun Mar 31, 2019 1:34 pm    Post subject: Reply with quote

As far as I am aware the reason Gixen doesn't use if for everything is because you can't host adverts over an https connection.

Subscribers get a secure connection for everything once they are logged in, as one you'll already be aware of that so I'm happy to highlight that your implication that this may not be the case is slightly misplaced. There is no loss of income for Gixen from this because one of the advantages of having a Mirror subscription is not to have those adverts.

So, I think making everything Https would also have to result in removal of the free service for anyone as well... which would not be popular and a sad loss to those that use the service very infrequently.

I've acknowledged 'man in the middle' scenarios in the past, and yes they are indeed possible, however just because something is possible doesn't make it likely and certainly not probable in any sense. They are extremely rare and only ever worthwhile for websites that a large majority of people use. We couldn't claim that applies to Gixen, even as a very well renowned sniping service.

It would never be worthwhile to attack a service like Gixen in this manner because, even if you did ever gain access to someone's account you still couldn't gain any financial advantage whatsoever... it's a fair amount of work to accomplish and therefore doing it for fun isn't really as easy an option as you suggest, and there has to be something to gain from doing it, and there really isn't, not in this case anyway.

BTW I'm also a software engineer, and so is Mario.
_________________
Mark


Last edited by Cupid on Sat Jun 01, 2019 12:17 pm; edited 1 time in total
Back to top
View user's profile Send private message
mario
Site Admin


Joined: 03 Oct 2006
Posts: 7111

PostPosted: Mon Apr 01, 2019 8:35 am    Post subject: Reply with quote

I agree that a small risk remains when not using https everywhere, and the motivation for this has indeed been ad income. I am changing this, however - and now you should see https everywhere. If you don't and still see a page server as plain http, please let me know.
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    Gixen.com Forum Index -> Support All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

© 2006 - 2023 Gixen.com. Forum powered by phpBB © 2001, 2005 phpBB Group.