(RESOLVED) Will it ever be implemented? HTTPS

It's been a "work in progress" for over 12 months. Can we have a date it will be implemented by please. ReacingPete promised it would be done by this month! Was that a lie then?

Haymarket should be ashamed of their performance with this issue.

The "compliance" ones are important... https and phonesafe are easy fixes that no-one cares about, but they should as they could bite them very hard... it's not "can we have avatars".

Clear cut to anyone with a basic understanding of English.

Actually it's ambiguous, but I agree with your sentiment.

• which is currently being resolved with a January deadline - could mean the "deadline" is in Jan, of the start of Jan, or the end of Jan
• which is currently being resolved with a deadline of the start of of Jan - still ambiguous as "start" could mean around the 1st
• which is currently being resolved with a deadline of Jan 31 5pm - clear cut
• which is currently being resolved with a deadline of Jan 1 5pm - clear cut

But this is PH, we don't argue about semantics, do we?

Enough hair-splitting - find something better to do with your time - just get the damned https done already!

EFA

This is what I don't really understand - pretty much all we need is for the login to be https. The rest of the site (inc advertising ste) could be left as-is. JUST DON'T SEND THE PASSWORDS IN CLEAR TEXT!!!

So what if it isn't a permanent green padlock sign - I don't really care, so long as the password is encrypted.

And can we make the big assumption that the passwords are at least not kept unencrypted in the back end database?

Hey, I'd take it over cleartext. Most "hackers" have limited capability beyond running the scripts they download, would someone really put in the effort to extract and brute-force an MD5 hash....for PISTONHEADS logins?

That being said if it is MD5 the code structure is in place for the hashing process - so would be a 5 min job to upgrade to something with decent strength.