(RESOLVED) Will it ever be implemented? HTTPS
Discussion
On topic, may I draw everyone's attention to the New Rules of Posting No.23? :
23.PistonHeads and Haymarket Media Group Limited are committed to the privacy, safety and security of all our users and customers. If you discover any potential security vulnerability, please report it to us through info@pistonheads.com or data.protection@haymarket.com and we will investigate it and respond to you as soon as possible. To help us to research and resolve any potential vulnerabilities as quickly as possible, please include full details of any issue when submitting your report. Publicly disclosing any potential vulnerability could put the wider community at risk, therefore we encourage you not to disclose any potential issues until they have been addressed and a resolution has been confirmed by us.
Just sayin'.
glenrobbo said:
On topic, may I draw everyone's attention to the New Rules of Posting No.23? :
23.PistonHeads and Haymarket Media Group Limited are committed to the privacy, safety and security of all our users and customers. If you discover any potential security vulnerability, please report it to us through info@pistonheads.com or data.protection@haymarket.com and we will investigate it and respond to you as soon as possible. To help us to research and resolve any potential vulnerabilities as quickly as possible, please include full details of any issue when submitting your report. Publicly disclosing any potential vulnerability could put the wider community at risk, therefore we encourage you not to disclose any potential issues until they have been addressed and a resolution has been confirmed by us.
Just sayin'.
Yeh I started a separate thread about that, seeking clarification, as it's far too woolly to offer a convincing defence if pulled in under the CMA.
Edited by Tonsko on Thursday 16th February 15:52
glenrobbo said:
On topic, may I draw everyone's attention to the New Rules of Posting No.23? :
23.PistonHeads and Haymarket Media Group Limited are committed to the privacy, safety and security of all our users and customers. If you discover any potential security vulnerability, please report it to us through info@pistonheads.com or data.protection@haymarket.com and we will investigate it and respond to you as soon as possible. To help us to research and resolve any potential vulnerabilities as quickly as possible, please include full details of any issue when submitting your report. Publicly disclosing any potential vulnerability could put the wider community at risk, therefore we encourage you not to disclose any potential issues until they have been addressed and a resolution has been confirmed by us.
Just sayin'.
And at the risk of amateur sleuthing myself - please change that to:
If you report we will completely ignore you - so don't bother
We have much more "important" things to work on e.g. messing up the home page
interesting that they have ignored the documentation for the STS they're using. they'd have to override the default setting to get identityserver to work over http which is clearly stated as being unacceptable for production environments -
"By default, IdentityServer requires all incoming connections to come over HTTPS. It is absolutely mandatory that communication with IdentityServer is done over secured transports only."
so i'm guessing your identity/access token can be intercepted and used for impersonation attacks.
dmsims said:
glenrobbo said:
On topic, may I draw everyone's attention to the New Rules of Posting No.23? :
23.PistonHeads and Haymarket Media Group Limited are committed to the privacy, safety and security of all our users and customers. If you discover any potential security vulnerability, please report it to us through info@pistonheads.com or data.protection@haymarket.com and we will investigate it and respond to you as soon as possible. To help us to research and resolve any potential vulnerabilities as quickly as possible, please include full details of any issue when submitting your report. Publicly disclosing any potential vulnerability could put the wider community at risk, therefore we encourage you not to disclose any potential issues until they have been addressed and a resolution has been confirmed by us.
Just sayin'.
And at the risk of amateur sleuthing myself - please change that to:
If you report we will completely ignore you - so don't bother
We have much more "important" things to work on e.g. messing up the home page
We have some further updates on the implementation of HTTPS on PistonHeads.
As mentioned in a previous update on 2 Feb, this work is being done in stages with the highest priority being the implementation of HTTPS on all pages that have personal data (i.e. login, registration, change password, email confirmation and account details). We have completed the latter work, but it has some critical dependencies that need to be worked out before we can release it. We are aiming to be able to provide timeframes on when this work will be released next week at which point we will provide another update.
Thanks - Laura on behalf of the Tech team
PistonTechs said:
We have some further updates on the implementation of HTTPS on PistonHeads.
As mentioned in a previous update on 2 Feb, this work is being done in stages with the highest priority being the implementation of HTTPS on all pages that have personal data (i.e. login, registration, change password, email confirmation and account details). We have completed the latter work, but it has some critical dependencies that need to be worked out before we can release it. We are aiming to be able to provide timeframes on when this work will be released next week at which point we will provide another update.
Thanks - Laura on behalf of the Tech team
In case you guys weren't aware
http://www.pistonheads.com/gassing/topic.asp?h=0&a...
If you need any more resource I suggest you show your bosses this, as people now cannot access the site which I am sure will impact revenues.
I think it's highly unlikely that Google would just *block* non-secure sites arbitrarily for all users. They haven't announced plans to do this (yet).
More likely is that a subset of users have non-secure sites blocked by their corporate policy or a setting they've made in Chrome on those devices.
Hardly reason for Haymarket to panic just yet.