Thread: Not Secure
View Single Post
Old 05-04-2019, 12:16 PM   #5
Janet H
TF Site Team
 
Janet H's Avatar
 
City: Olypen
Vessel Name: Pacifica
Vessel Model: Cape Dory
Join Date: Jan 2012
Posts: 2,558
The login pages here are secure (httpS) but as noted, the rest of the site is not. We store no financial info or other sensitive content here and we long ago changed login pages (where password data is passed) to meet current security standards.

Last year google began to push websites to use https instead of http as a security update. A few months ago they began to actually began to display that little red triangle;"not secure" on browser address lines.

We hand coded an update to make the LOGIN page https. This is the page where user credentials are passed and the only sensitive data we store. Once a member has logged in the site reverts to http (and the alert begins to display in browsers). Using https on all pages actually breaks some things the forum. Offsite links and hosted images may no longer work, ads don't display, photos, etc.

So... as you login the page is secure (https) but once you have logged in the regular site is http. Since no login/pass info is being sent on these pages we believe this is safe and reasonable. We will eventually switch to full SSL but as noted by other posters there are some concerns to weigh as we make that choice.

You can read more about the google alerts here: https://www.wired.com/story/google-c...-secure-label/
Janet H is offline   Reply With Quote