Site not secure

Discussion in 'Site Support' started by The Velvet Curtain, 21 Apr 2019.

  1. My browser keeps telling me that this whole forum is not secure, is it me or is the an issue at the server end?

    Screenshot_20190421-110948.jpg
     
    Shermie likes this.
  2. MypinchofItaly

    MypinchofItaly Veteran

    Location:
    It also tells me the same thing
     
    The Velvet Curtain likes this.
  3. morning glory

    morning glory Obsessive cook Staff Member

    Are you using Chrome? I get the same issue when using Chrome browser.

    Sister site CycleChat has a different ending to the web address (it ends in '.net.') and I don't get the problem on there - I don't know if that could possibly have anything to do with it (probably not). Try clicking on CycleChat to see if you get the same issue.

    https://www.cyclechat.net

    CookingBites has a '.com' ending.

    https://www.cookingbites.com

    @SatNavSaysStraightOn will need to look into this but I think it may be related to another problem members have had with uploading photos when using Chrome.

    Also, as I understand it, Chrome will show sites as insecure if the don't have the https prefix in the web address.
     
    Last edited: 21 Apr 2019
  4. morning glory

    morning glory Obsessive cook Staff Member

    Here is a screenshot of what I get.


    Screen Shot 2019-04-21 at 15.06.43.png
     
  5. morning glory

    morning glory Obsessive cook Staff Member

    Here is CycleChat screenshot:

    Screen Shot 2019-04-21 at 15.08.47.png
     
  6. I'm on an android tablet, so it is mobile chrome for me.
     
  7. morning glory

    morning glory Obsessive cook Staff Member

  8. TodayInTheKitchen

    TodayInTheKitchen Active Member

    Location:
    Detroit, MI
    Excellent observation @The Velvet Curtain. It is actually really simple. Websites with a "https" URL are considered secure. Sites with just "http" are considered not secure. Hope this clears things up a bit.
     
    The Velvet Curtain likes this.
  9. medtran49

    medtran49 Über Member

    Location:
    SE Florida
    I use Chrome on my tablet and I've never gotten the "not secure" message for Cooking Bites.
     
  10. morning glory

    morning glory Obsessive cook Staff Member

    Interesting. It only happens with the latest version of Chrome I think. Do you know which version you are using?
     
    Last edited: 22 Apr 2019
  11. morning glory

    morning glory Obsessive cook Staff Member

  12. medtran49

    medtran49 Über Member

    Location:
    SE Florida

    2019-04-21 19.41.56.jpg
     
  13. Shermie

    Shermie Veteran

    Location:
    Brighton, MA.


    I was getting that also, for a while!!
     
  14. Karen W

    Karen W Senior Member

    Location:
    .
    I could be mistaken but, I was under the impression that as long as you don't enter personal information like a password or Swiss bank account number, it's not a big deal.
     
  15. SatNavSaysStraightOn

    SatNavSaysStraightOn Site Owner Staff Member

    Location:
    A Pom in NSW, Aus
    I'd like to cover a few points first, explain a few concepts and then explain exactly what data is being sent unencrypted from your device to the CookingBites (CB) site. Please note that this information only applies to data transmitted between the CB server and your device(s). It does not apply to how your data is stored on the server itself.

    What is a SSL certificate?
    SSL stands for Secure Sockets Layer. It's a form of encryption. SSL encrypts information sent between the CB site and any visitor’s web browser (your interface) so that it cannot be read by a third party as it is sent across the internet. SSL is most commonly used when websites request sensitive information from a visitor, like a password or credit card number. Most of the data being transmitted is data such as recipes, discussions and photos, which displayed on the CB forum in plain text for all to see. That's the whole idea behind a public forum. Only a tiny portion of the data transmitted is your username and password, used to authenticate your post and show who it came from.

    Do we need SSL?
    Yes and No. Ideally we would have it, but like everything else it costs money to obtain a certificate which has to be renewed annually and the CB site does not make a profit. In fact, it runs at a loss before the purchase of an annual security certificate.

    CB is a public forum, as already mentioned above and is visible to everyone before log in. That's the whole concept behind this forum .
    But Google rankings now take into account if a site is http or https and favour https sites, so at some point I'll need to purchase a SSL certificate.

    Should we have a certificate?
    Again, yes and no.
    Right now, the only information that is "sensitive" is your email address, your password and your DOB. Your username is shown online in plain text, so I don't consider this to be sensitive, your DOB is optional to show. Again your location although a mandatory field, needs only state the country you are in; in fact if we see a full address, we do actually remove it, so I don't consider that to be sensitive either. That just leaves optional field in your profile such as sex, Facebook ID, ICQ, Skype ID to name a few. These are all optional fields and entirely up to you to enter or not.

    So when it comes down to it, it is only your password that is being sent unencrypted between your device and the CB site and it is for this reason, we recommend that you have a unique password for each site or service you sign up to and if you do decide to reuse passwords, don't use the same password for sites storing your credit card or PayPal (or other such payment methods) and never reuse passwords for banking sites.

    Remember, SSL certificate only encrypt information being transmitted between your devices and the CB server. It takes dedicated software and hardware to intercept all of the packets relating to your individual post and identify the username and password.

    So, is it a problem right now? No. It is just an alert issued by an updated version of one web browser. But right now CB has no way of making or receiving financial transactions through the forum interface, so the risk is greatly reduced unless of course your CB password is being reused on other sites.

    Will it become an issue for CB in future?
    Yes without a doubt.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice