Site not secure

The Velvet Curtain

Forum GOD!
Joined
13 Oct 2012
Local time
11:36 PM
Messages
4,042
Location
Leicester: Where Britain keeps its crisps
My browser keeps telling me that this whole forum is not secure, is it me or is the an issue at the server end?

Screenshot_20190421-110948.jpg
 
Are you using Chrome? I get the same issue when using Chrome browser.

Sister site CycleChat has a different ending to the web address (it ends in '.net.') and I don't get the problem on there - I don't know if that could possibly have anything to do with it (probably not). Try clicking on CycleChat to see if you get the same issue.

https://www.cyclechat.net

CookingBites has a '.com' ending.

https://www.cookingbites.com

@SatNavSaysStraightOn will need to look into this but I think it may be related to another problem members have had with uploading photos when using Chrome.

Also, as I understand it, Chrome will show sites as insecure if the don't have the https prefix in the web address.
 
Last edited:
I use Chrome on my tablet and I've never gotten the "not secure" message for Cooking Bites.
 
I could be mistaken but, I was under the impression that as long as you don't enter personal information like a password or Swiss bank account number, it's not a big deal.
 
I'd like to cover a few points first, explain a few concepts and then explain exactly what data is being sent unencrypted from your device to the CookingBites (CB) site. Please note that this information only applies to data transmitted between the CB server and your device(s). It does not apply to how your data is stored on the server itself.

What is a SSL certificate?
SSL stands for Secure Sockets Layer. It's a form of encryption. SSL encrypts information sent between the CB site and any visitor’s web browser (your interface) so that it cannot be read by a third party as it is sent across the internet. SSL is most commonly used when websites request sensitive information from a visitor, like a password or credit card number. Most of the data being transmitted is data such as recipes, discussions and photos, which displayed on the CB forum in plain text for all to see. That's the whole idea behind a public forum. Only a tiny portion of the data transmitted is your username and password, used to authenticate your post and show who it came from.

Do we need SSL?
Yes and No. Ideally we would have it, but like everything else it costs money to obtain a certificate which has to be renewed annually and the CB site does not make a profit. In fact, it runs at a loss before the purchase of an annual security certificate.

CB is a public forum, as already mentioned above and is visible to everyone before log in. That's the whole concept behind this forum .
But Google rankings now take into account if a site is http or https and favour https sites, so at some point I'll need to purchase a SSL certificate.

Should we have a certificate?
Again, yes and no.
Right now, the only information that is "sensitive" is your email address, your password and your DOB. Your username is shown online in plain text, so I don't consider this to be sensitive, your DOB is optional to show. Again your location although a mandatory field, needs only state the country you are in; in fact if we see a full address, we do actually remove it, so I don't consider that to be sensitive either. That just leaves optional field in your profile such as sex, Facebook ID, ICQ, Skype ID to name a few. These are all optional fields and entirely up to you to enter or not.

So when it comes down to it, it is only your password that is being sent unencrypted between your device and the CB site and it is for this reason, we recommend that you have a unique password for each site or service you sign up to and if you do decide to reuse passwords, don't use the same password for sites storing your credit card or PayPal (or other such payment methods) and never reuse passwords for banking sites.

Remember, SSL certificate only encrypt information being transmitted between your devices and the CB server. It takes dedicated software and hardware to intercept all of the packets relating to your individual post and identify the username and password.

So, is it a problem right now? No. It is just an alert issued by an updated version of one web browser. But right now CB has no way of making or receiving financial transactions through the forum interface, so the risk is greatly reduced unless of course your CB password is being reused on other sites.

Will it become an issue for CB in future?
Yes without a doubt.
 
Back
Top Bottom