Jump to content


Photo

Security of the Forum Website


  • Please log in to reply
5 replies to this topic

#1 Stephen G-F

Stephen G-F

    Advanced Member

  • Members
  • PipPipPip
  • 40 posts

Posted 20 April 2018 - 02:10 PM

For the last several years I have always taken this website as provided, trusted and without a second thought as regards security; it has not been an issue. However, in recommending the Forum to a recently discovered cousin who is also a RootsMagic user, I was told that Firefox says the site is insecure which was something of a surprise to me. I then looked at my browser, Google, which says the same; I had not noticed this before and had no reason to look for it as I regarded the Form as a trusted site. Simply browsing the Forum has not presented any security issue and nor has it done so when I first registered and subsequently logged in to my account and posted on the Forum. If I have understood this issue correctly (and if I have not, I’ll happily stand to be corrected), theoretically, any practical security risk arises from setting up an account in the first instance and then logging in subsequently with user name and password and posting on the Forum.

First question, have I properly understood this and second, should the Forum have security for registration and logging in and, if so, is it proposed to do so? I would welcome comments and enlightenment. Thank you, Stephen.

 



#2 cj1260

cj1260

    Member

  • Members
  • PipPip
  • 13 posts

Posted 20 April 2018 - 02:29 PM

You are correct in that the forums use basic unsecured transport protocols (i.e. http) instead of the secured version (https). In this day and age, imho all web sites should be secured especially since it is so easy to do with certificate authorities such as Let's Encrypt.

 

However, with that said, I don't consider it much of a security risk for myself in these forums. From my point of view, what's the worst that can happen... someone steals my credentials, signs on and makes posts in my name that make me look like a moron?? I can already do that by myself. LOL! :-)



#3 kbens0n

kbens0n

    Advanced Member

  • Members
  • PipPipPip
  • 3388 posts

Posted 20 April 2018 - 03:18 PM

Firefox shows the warning like this:2018-04-20_171525.jpg

---
--- "GENEALOGY, n. An account of one's descent from an ancestor who did not particularly care to trace his own." - Ambrose Bierce
--- "The trouble ain't what people don't know, it's what they know that ain't so." - Josh Billings
---Ô¿Ô---
K e V i N


#4 Jerry Bryan

Jerry Bryan

    Advanced Member

  • Members
  • PipPipPip
  • 3088 posts

Posted 20 April 2018 - 03:23 PM

What cj1260 said.

 

For example, I was at the public library earlier today with my laptop. While I was there, I logged into to this forum to read any new postings. Therefore, there was a potential exposure of my credentials for this forum if somebody was there with a network sniffing device that they used on the library's WiFi. I don't have the same concern at my house, even if somebody sits outside my house with a network sniffing device, because the WiFi at my house is encrypted and only I know my house's WiFi password.

 

On the other hand, while I was at the public library I also logged in very briefly to my bank. Doing so is not normally a very good security practice. However, my bank's Web site (and the Web site of essentially every bank in the world) uses https rather than http. In addition, my bank's Web site also uses two factor authentication. So even if somebody sniffed the library's Wifi and broke my bank's https encryption, they still would not be able to logon to my bank's Web site as me.

 

This forum (and really, every Web site in the world that uses a logon) needs to switch over to https - at least for the logon. I'm not sure it matters for a site like this after the logon, but it really needs https for the logon.

 

Jerry

 



#5 Stephen G-F

Stephen G-F

    Advanced Member

  • Members
  • PipPipPip
  • 40 posts

Posted 22 April 2018 - 10:15 AM

Thank you all for your comments, much appreciated. I'm pleased to find that I wasn't far off the mark when I made my original post on this subject.

 

With reference to Jerry's last comment (with which I entirely agree), I wonder if Renee Zamora would like to comment and maybe tell us if there's a view on this and if there are any plans to make the Forum site more secure.

 

Stephen.



#6 Renee Zamora

Renee Zamora

    Advanced Member

  • Support
  • PipPipPip
  • 7956 posts

Posted 23 April 2018 - 08:30 AM

Development is checking into this. 


Renee
RootsMagic