Wirholt Posted February 5, 2014 Share Posted February 5, 2014 I start the home page of this forum with the link http://forums.Groundspeak.com/GC/. Then in the upper-right corner I click "Sign in" to enter my credentials. Recently, I discovered, that the login page is still using http, not https. This means that my password goes as uncoded plain text over the network. Anybody listening on the network can easily read my credentials in this way. I am not worried about my home network, but I often use public network. Why not offering a more secure way to sign in? SSL, what is used in https, is no longer a very advanced technology. For geocaching.com this is used already. Why not for the forum sign-in page? Quote Link to comment
+T.D.M.22 Posted February 5, 2014 Share Posted February 5, 2014 The forum is provided by a third party. I'm not a geen-e-us when it comes to this, but doesn't that mean it's beyond Groundspeak's control? Or is that just the forum's inner workings? Quote Link to comment
+UMainah Posted February 5, 2014 Share Posted February 5, 2014 The forum is provided by a third party. I'm not a geen-e-us when it comes to this, but doesn't that mean it's beyond Groundspeak's control? Or is that just the forum's inner workings? The forum itself is provided and controlled by Groundspeak. The forum software (IP.Board) is developed by a third-party. This software does support https/SSL login. Groundspeak has not enabled it though. Quote Link to comment
Moun10Bike Posted February 5, 2014 Share Posted February 5, 2014 Thank you for raising this issue. I have informed our IT team of the situation. Quote Link to comment
+Dgwphotos Posted February 6, 2014 Share Posted February 6, 2014 I start the home page of this forum with the link http://forums.Groundspeak.com/GC/. Then in the upper-right corner I click "Sign in" to enter my credentials. Recently, I discovered, that the login page is still using http, not https. This means that my password goes as uncoded plain text over the network. Anybody listening on the network can easily read my credentials in this way. I am not worried about my home network, but I often use public network. Why not offering a more secure way to sign in? SSL, what is used in https, is no longer a very advanced technology. For geocaching.com this is used already. Why not for the forum sign-in page? It does cost money to get a trusted root certificate. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.