Author Topic: Security  (Read 4222 times)

G1ZmO

  • CSOG Founder
  • Administrator
  • Hero Member
  • *****
  • Posts: 1019
  • Karma: +14/-0
    • CSOG
Security
« on: June 25, 2011, 12:43:18 AM »
I feel I should point out that, as the forum was previously hacked, it would NOT be a good idea to use the same password which you used on the old forum in case it is known to whoever hacked the forum previously.

As a bit of password advice: Learn a 6 to 8 digit sequence of random lower and upper case letters and numbers and append this to your usual password(s) to strengthen them.
Paul

Longjohn54

  • CSOG'er
  • Hero Member
  • ***
  • Posts: 559
  • Karma: +9/-0
Re: Security
« Reply #1 on: June 25, 2011, 01:24:32 PM »
As this forum URL is http rather than https, am I right in thinking that there is no encryption on this forum and therefore all communication (including userid and passwords) is sent in plain text?
John

Ad Astra Tabernamque  (to the stars and pub)

SpookyKatt

  • CSOG'er
  • Hero Member
  • ***
  • Posts: 1015
  • Karma: +13/-1
Re: Security
« Reply #2 on: June 25, 2011, 02:34:35 PM »
Hmmm, interesting point John, is it easily changed?
HEQ5/EQ5
Tal 200K and Tal 100R
Equinox 80 and Orion 80
Skywatcher 150mm Refractor
Modded Canon EOS 400D
DFK-31AF03

G1ZmO

  • CSOG Founder
  • Administrator
  • Hero Member
  • *****
  • Posts: 1019
  • Karma: +14/-0
    • CSOG
Re: Security
« Reply #3 on: June 25, 2011, 03:27:50 PM »
This I really don't know. I'll look into it but I'm fairly dim at this stuff lol
Paul

Iris

  • CSOG'er
  • Jr. Member
  • ***
  • Posts: 56
  • Karma: +0/-0
Re: Security
« Reply #4 on: June 25, 2011, 03:49:13 PM »
If you want to use SSL (https) then you will (I think) need an SSL certificate from a trusted source = costs money.

But I think the latest versions of SMF (providing you have JavaScript enabled on your browser for this site) will only send a hash of the user credentials to the server even on http.

The forum also stores the passwords as a hash on the db, so there is no prospect that a casual thief will be able to obtain them, but with time and the right tools they could eventually be obtained (guessed), so changing the password you use is a reasonably sensible approach.
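
The hashed login described in the reply above, as an added example that is not part of the original thread and is not SMF's code: a generic challenge-response login in which the browser sends a hash bound to a one-time server challenge instead of the password. The function names, the choice of SHA-1 and the sample credentials are assumptions made for illustration.

```javascript
// Added illustration (Node.js). Not SMF code; names and hash choice are assumptions.
const crypto = require('crypto');
const sha1 = (s) => crypto.createHash('sha1').update(s, 'utf8').digest('hex');

// What the server keeps in its database: a hash, never the password itself.
function storedHash(user, password) {
  return sha1(user.toLowerCase() + password);
}

// Server side: a fresh random challenge is embedded in every login form.
function newChallenge() {
  return crypto.randomBytes(16).toString('hex');
}

// Browser side (this is why JavaScript must be enabled): hash the
// credentials, then bind the result to the server's challenge.
function clientResponse(user, password, challenge) {
  return sha1(storedHash(user, password) + challenge);
}

// Server side: recompute from the stored hash, compare in constant time.
function serverVerify(dbHash, challenge, response) {
  const expected = Buffer.from(sha1(dbHash + challenge), 'hex');
  const got = Buffer.from(response, 'hex');
  return got.length === expected.length && crypto.timingSafeEqual(expected, got);
}

function demo() {
  const user = 'ExampleUser';               // constructed sample values
  const password = 'constructed-sample-pw';
  const db = storedHash(user, password);
  const c1 = newChallenge();
  const onTheWire = clientResponse(user, password, c1); // what crosses HTTP
  const c2 = newChallenge();                // challenge for a later login
  return {
    passwordOnWire: onTheWire.includes(password),  // false: only a digest is sent
    loginOk: serverVerify(db, c1, onTheWire),      // true: genuine login
    replayOk: serverVerify(db, c2, onTheWire),     // false: old response is stale
    // The database hash alone answers any challenge, so a copied database
    // makes every stored hash as good as the password until it is changed.
    dbHashAloneOk: serverVerify(db, c2, sha1(db + c2)),
  };
}

console.log(demo());
```

The hash only covers the password at login time; page contents and the session cookie still cross plain http unencrypted.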


Longjohn54

  • CSOG'er
  • Hero Member
  • ***
  • Posts: 559
  • Karma: +9/-0
Re: Security
« Reply #5 on: June 25, 2011, 05:20:37 PM »

But I think the latest versions of SMF (providing you have JavaScript enabled on your browser for this site) will only send a hash of the user credentials to the server even on http.

That should be secure enough. Thanks.
John

Ad Astra Tabernamque  (to the stars and pub)

bdmhenderson

  • Newbie
  • *
  • Posts: 17
  • Karma: +3/-0
Re: Security
« Reply #6 on: June 25, 2011, 05:49:41 PM »
If you don't have a paid-for cert for SSL you will get an error message in IE saying there is a problem, but it will let you click past it. However it will still be secured. I believe GoDaddy do fairly cheap SSL certs - well, in comparison to the likes of VeriSign.

G1ZmO

  • CSOG Founder
  • Administrator
  • Hero Member
  • *****
  • Posts: 1019
  • Karma: +14/-0
    • CSOG
Re: Security
« Reply #7 on: August 07, 2011, 11:13:47 PM »
On another 'security' note.

I happened to look to see what guests were doing and noticed that some were "viewing SOMEONE'S profile".

It would be advisable to ensure that your email address is hidden from non-members.

I have disabled guests from seeing user profiles.

Paul