Says SSL but no security encryption indicated??

 
johntll
Guest





Posted: Sat Aug 31, 2013 11:17 am    Post subject: Says SSL but no security encryption indicated??

Tried on Firefox and Microsoft IE, and not showing httpS or any other indication that it is an encrypted site of any sort. Yet, it says it's SSL.

Can somebody explain this??
mario
Site Admin


Joined: 03 Oct 2006
Posts: 7267

Posted: Sat Aug 31, 2013 3:46 pm    Post subject:

SSL is used during log in during which a session id is generated. After that traffic is redirected to plain http. Your password is never transmitted over plain http, but your traffic is (e.g. adding, deleting and modifying snipes).

Mirror subscribers are on SSL all the time, the session is never redirected back to plain http.
twobuckes
Guest





Posted: Fri Oct 18, 2013 1:51 am    Post subject: Poor practice

It is poor practice to encourage users to sign in on pages that are not https. The only way that a user has of knowing that a sign in is secure is the padlock symbol (in the browser chrome) which indicates that the whole page is https. Users should not sign in on pages that do not have the padlock.
Cupid



Joined: 09 Aug 2007
Posts: 7970
Location: Bristol, UK

Posted: Fri Oct 18, 2013 5:21 am    Post subject:

Personally, I like the simple layout provided by Gixen.

The alternative would be to provide a separate page that does nothing other than log you in. I'd rather keep the current interface but perhaps an https login page could additionally be provided somewhere else on the site.

As Mario has tirelessly explained, that would only be catering for best practice, in terms of security it really isn't necessary and the current interface is adequate and entirely fit for purpose.
_________________
Mark
mario
Site Admin


Joined: 03 Oct 2006
Posts: 7267

Posted: Fri Oct 18, 2013 3:55 pm    Post subject: Re: Poor practice

twobuckes wrote:
It is poor practice to encourage users to sign in on pages that are not https. The only way that a user has of knowing that a sign in is secure is the padlock symbol (in the browser chrome) which indicates that the whole page is https. Users should not sign in on pages that do not have the padlock.


So you don't (login from there). No one is preventing you from accessing Gixen via https://www.gixen.com and logging in from there if you believe the risk of a non-ssl loaded login form is significant. In theory it's possible someone could tamper with such a form. In practice I have yet to hear of a single case of that happening. Technically it's more difficult to do than to sniff the password and impossible to do without risking such an attack being detected.
All times are GMT - 8 Hours