(RESOLVED) Will it ever be implemented? HTTPS
Discussion
GreigM said:
Tonsko said:
MD5.
Run!
Hey, I'd take it over cleartext. Most "hackers" have limited capability beyond running the scripts they download, would someone really put in the effort to extract and brute-force an MD5 hash....for PISTONHEADS logins?Run!
That being said if it is MD5 the code structure is in place for the hashing process - so would be a 5 min job to upgrade to something with decent strength.
bhstewie said:
Google don't have that long either I'm disappointed that JAMES DRAKE, HEAD OF PISTONHEADS COMMUNITY has not responded and assured the community that HAYMARKET takes the members' privacy, security and personal data very seriously and assure us that https will be in place by the end of this month as stated by his colleague.
All that jazz said:
I'm disappointed that JAMES DRAKE, HEAD OF PISTONHEADS COMMUNITY has not responded and assured the community that HAYMARKET takes the members' privacy, security and personal data very seriously and assure us that https will be in place by the end of this month as stated by his colleague.
Is that the same James Drake who has, on a few occasions, replied to all on emails without using BCC? More than once.
In one mail thread.
Just saying.
ETA: Then blames the intern.
All that jazz said:
I'm disappointed that JAMES DRAKE, HEAD OF PISTONHEADS COMMUNITY has not responded and assured the community that HAYMARKET takes the members' privacy, security and personal data very seriously and assure us that https will be in place by the end of this month as stated by his colleague.
In all seriousness what do you expect this type of post to achieve? Ten pages in and PH are ignoring the issue. Just like the phonesafe one.
It's apparent they don't really care about either issue.
Dan_1981 said:
In all seriousness what do you expect this type of post to achieve?
That question is far more fitting to your own post. Clearly you don't care about the issue so what are you doing in this thread and why aren't you in other threads that pique your interest? Many of us do care about the issue and want it fixing. They didn't care about creating a "what car?" forum for years either but eventually they got sick of us being a constant thorn in their sides and made it happen.Dan_1981 said:
In all seriousness what do you expect this type of post to achieve?
Ten pages in and PH are ignoring the issue. Just like the phonesafe one.
It's apparent they don't really care about either issue.
Indeed, but when (not IF) a user's details are compromised it will be easier to crucify in the press/sue (delete as per your preference) Haymarket for supreme arrogance and/or incompetenceTen pages in and PH are ignoring the issue. Just like the phonesafe one.
It's apparent they don't really care about either issue.
GreigM said:
Dan_1981 said:
In all seriousness what do you expect this type of post to achieve?
Ten pages in and PH are ignoring the issue. Just like the phonesafe one.
It's apparent they don't really care about either issue.
Indeed, but when (not IF) a user's details are compromised it will be easier to crucify in the press/sue (delete as per your preference) Haymarket for supreme arrogance and/or incompetenceTen pages in and PH are ignoring the issue. Just like the phonesafe one.
It's apparent they don't really care about either issue.
thebraketester said:
As I have suggested before.
Someone attack the weakness in the system and PM me my password and I will personally drive to haymarket and discuss it with them face to face.
It's a trivial task but something you can get locked up for Someone attack the weakness in the system and PM me my password and I will personally drive to haymarket and discuss it with them face to face.
What exactly are the dev team working on ?
All that jazz said:
Dan_1981 said:
In all seriousness what do you expect this type of post to achieve?
That question is far more fitting to your own post. Clearly you don't care about the issue so what are you doing in this thread and why aren't you in other threads that pique your interest? Many of us do care about the issue and want it fixing. They didn't care about creating a "what car?" forum for years either but eventually they got sick of us being a constant thorn in their sides and made it happen.However the post you made with names in bold will not drive a response, it just looks childish.
Oh and I still don't think Racing Pete works at PH anymore.....
Dan_1981 said:
It does interest me. I think the lack of response is typical of PH these days.
However the post you made with names in bold will not drive a response, it just looks childish.
Oh and I still don't think Racing Pete works at PH anymore.....
Be that as it may, but when the Head of the Community actively avoids the topic yet can be seen posting on nearly every other feedback topic, sometimes these measures are needed. Perhaps by shining the spotlight on them and giving them a virtual 'kick up the arse' it will prompt them to actually find out what's happening about it rather than simply ignoring the topic and praying that we all get bored and forget about it (not gonna happen!). Oh and passing the buck with "not my department" isn't going to wash either.However the post you made with names in bold will not drive a response, it just looks childish.
Oh and I still don't think Racing Pete works at PH anymore.....
dmsims said:
thebraketester said:
As I have suggested before.
Someone attack the weakness in the system and PM me my password and I will personally drive to haymarket and discuss it with them face to face.
It's a trivial task but something you can get locked up for Someone attack the weakness in the system and PM me my password and I will personally drive to haymarket and discuss it with them face to face.
What exactly are the dev team working on ?
thebraketester said:
Well I wont divulge the hackers ID...... your honour.
But Haymarket might feel that a breach of the Computer Misuse Act had been committed.You would probably be on slightly safer ground by demonstrating, with consent, a Man in the Middle approach, where the unencrypted IP packet was examined, and the password shown to be visible. Much simpler. Anyone got Wireshark to hand?
Gassing Station | Website Feedback | Top of Page | What's New | My Stuff