(RESOLVED) Will it ever be implemented? HTTPS
Discussion
Jack Mansfield said:
Hi,
Implementing HTTPS is still on the cards and a work in progress. Thank you for your patience.
Jack
It's been a "work in progress" for over 12 months. Can we have a date it will be implemented by please. ReacingPete promised it would be done by this month! Was that a lie then?Implementing HTTPS is still on the cards and a work in progress. Thank you for your patience.
Jack
MagicalTrevor said:
Mattt said:
Haymarket should be ashamed of their performance with this issue.
Just this one issue? Vaud said:
The "compliance" ones are important... https and phonesafe are easy fixes that no-one cares about, but they should as they could bite them very hard... it's not "can we have avatars".
Yeah because Tarquin in marketing says it will have no effect on sales and whoever the latest white spectacled (no lenses), fixie bike manager is CBAanonymous said:
[redacted]
Actually it's ambiguous, but I agree with your sentiment.- which is currently being resolved with a January deadline - could mean the "deadline" is in Jan, of the start of Jan, or the end of Jan
- which is currently being resolved with a deadline of the start of of Jan - still ambiguous as "start" could mean around the 1st
- which is currently being resolved with a deadline of Jan 31 5pm - clear cut
- which is currently being resolved with a deadline of Jan 1 5pm - clear cut
But this is PH, we don't argue about semantics, do we?
dmsims said:
Mattt said:
If the whole site HTTPS project is delayed, a company like Haymarket could sort the login form as a minimum within an hour.
EFASo what if it isn't a permanent green padlock sign - I don't really care, so long as the password is encrypted.
And can we make the big assumption that the passwords are at least not kept unencrypted in the back end database?
Tonsko said:
MD5.
Run!
Hey, I'd take it over cleartext. Most "hackers" have limited capability beyond running the scripts they download, would someone really put in the effort to extract and brute-force an MD5 hash....for PISTONHEADS logins?Run!
That being said if it is MD5 the code structure is in place for the hashing process - so would be a 5 min job to upgrade to something with decent strength.
Gassing Station | Website Feedback | Top of Page | What's New | My Stuff