Wetlook World Forum
Message # 69838.1
Subject: Re: Discussion Starter With Producers - Insecure Logins To Wetlook Websites
Date: Sun 12/03/17 23:44:11 GMT
Name: AnthonyX
Email: anthonyx@jowc.net
Report Abuse or Problem to Nigel at Minxmovies
I am not a wetlook producer, but I have implemented a few websites over the years, both with and without security. From that experience, I can say the following:
If you can register a domain, you can just about as easily buy an SSL (TLS, actually) certificate for it. Certificates used to be expensive - about $1000/yr, but these days you can get them at a fraction of that cost. Going https is somewhat more complex than going without, but most of the difficulty is one-time, and has no impact whatsoever on site authoring, other than perhaps having to edit a URL from http to https. Certificates have limited lifetimes (they expire), both as a security measure and as a recurring revenue opportunity for the CA (selling authority)... it is what it is. Renewing certificates is mildly painful, but basically comes down to paying the renewal fee and following a routine set of steps (if you are self-hosting). If you are using a provider for hosting, the whole set-up and renewal process could be as simple as checking a box and paying the requested fee.
Anyone doing e-commerce should be using a provider and not taking credit card info directly on their site. Reputable providers (CCBill, etc.) have the proper security measures in place and relieve you of any liability associated with the handling of credit card numbers because you should never see them.
If there is any practical implication, it would be around the availability of a payment provider who will do business in this sector. One of the best options in a general market would be PayPal, but they are notoriously moralistic and have been rather nasty toward producers in this sector, making them at best unreliable/untrustworthy, and at worst unavailable. If not for their hyper-moralistic policies, they would be about the best option from a security perspective.
In reply to Message (69838) Discussion Starter With Producers - Insecure Logins To Wetlook Websites
By GSK - Sun 12/03/17 21:31:23 GMT

The Firefox browser, starting with version 52, has a new security feature - it warns users if logging into a site could be potentially unsecure by showing a grey box. You can read about it here:
https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861
Firefox used a crossed out padlock to warn about insecure sites before, but this new system is better, because it can't be overlooked so easily.
I did a quick survey on a small sample of wetlook sites and was surprised how many of them used unsecure pages for login and some even for entering credit card information!! Results below:
Wamphotography - exemplary security - this website uses a secure page both for login to the site and payments, a positive example to follow!
Wetfemme.com - a gross disregard of all security measures, even the page on which you enter the payment details is a plain http page, not an https!!!
Wamderland.net - registering for an account is on an http page, not a secure https, login could be compromised, I didn't go further to check the payment process
Eurowam.net - seems to be a secure page on their payment processors website for payment, I didn't test the member login as I am not a member
Wetfoto com - logging in to the website is not secure - credentials potentially compromised, https not used for login, payment secure through their payment processors
Mostwam.tv - login to the site not secure, not https, payment is not secure, no https used, credit card details could be compromised!!!
Soakingwet.co.uk - the download store uses a secure page for payments through their payment processor
Wetlookadventure.com - login to site not secure, no https, payment secure through their payment processors
I meant this post as a discussion starter, so I would like to hear from the producers what they think about this issue, especially on those sites where the payment details are entered on insecure pages, about the practical implications, if there are any. Thank you.
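
Added example, not part of either post above: a site owner can run the same kind of check the survey describes against their own pages, flagging password or card inputs that are served over plain http or submitted to an http URL. The class and function names, the sample HTML and the example.test URLs are constructed for illustration, and the check is a simplification, not Firefox's own logic.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

CARD_AUTOCOMPLETE = {"cc-number", "cc-csc", "cc-exp"}  # standard autofill tokens


class SensitiveInputScanner(HTMLParser):
    """Records each password/card input with the action of its enclosing form."""

    def __init__(self):
        super().__init__()
        self.action = ""  # "" means the form submits to the page's own URL
        self.hits = []    # (kind, form action) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = (a.get("action") or "").strip()
        elif tag == "input":
            if (a.get("type") or "").lower() == "password":
                self.hits.append(("password", self.action))
            elif (a.get("autocomplete") or "").lower() in CARD_AUTOCOMPLETE:
                self.hits.append(("card", self.action))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = ""


def audit_page(page_url, html):
    """Return sorted findings for sensitive inputs that can travel over plain http."""
    scanner = SensitiveInputScanner()
    scanner.feed(html)
    findings = set()
    for kind, action in scanner.hits:
        if urlsplit(page_url).scheme != "https":
            findings.add(f"{kind}: page served over http")
        target = urljoin(page_url, action)  # relative or empty action follows the page
        if urlsplit(target).scheme != "https":
            findings.add(f"{kind}: form submits to http ({target})")
    return sorted(findings)


# Constructed sample pages (not taken from any site named in the thread).
HTTP_LOGIN = '<form action="/login.php"><input name="u"><input type="password" name="p"></form>'
MIXED_PAY = '<form action="http://shop.example.test/pay"><input autocomplete="cc-number"></form>'

if __name__ == "__main__":
    print(audit_page("http://shop.example.test/members/", HTTP_LOGIN))
    print(audit_page("https://shop.example.test/join", MIXED_PAY))
```

An empty result means every sensitive input found is both served and submitted over https; it says nothing about fields injected by scripts after the page loads.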