Please set up SSL for your store and login page, and preferably the whole site

lawrence.erb
New Member
Joined: 7 months  ago
Posts: 3
February 15, 2017 11:32 pm  

I just pre-ordered the PSP 1000 version 3 kit, and while it is good that the actual payment info through PayPal is going through HTTPS, the actual process of creating an account and logging in to your site as well as the order info up to payment is apparently all in plaintext.

When I noticed that, I tried to type in "https://othermod.com" and the browser notified me that the cert received was incorrect, being issued for "*.ehosts.com, ehosts.com", which I assume is your hosting provider.

I would assume then that everyone has been using plaintext.  There are a number of risks associated with that.  Users might be reusing passwords that could then be sniffed by a malicious third party, for just one example.

Let's Encrypt (https://letsencrypt.org/) is able to provide free SSL certificates if the cost of a full commercial SSL cert for your domain is currently beyond what you can afford.


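The certificate mismatch reported in the post above, as an added example that is not part of the original thread: a hostname check in the style of RFC 6125, run against the certificate names quoted in the post. The second name list (a certificate issued for the store itself, including a `www` name) is constructed for comparison and is an assumption.

```python
# Added example: RFC 6125-style check of a hostname against the DNS names
# in a certificate. Not code from the forum or the site it discusses.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """True if one certificate DNS name covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # The wildcard must be the whole leftmost label and leave at
        # least two literal labels, so "*.com" covers nothing.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covering_names(cert_dns_names, hostname):
    """Return the certificate names that cover hostname (empty = mismatch)."""
    return [n for n in cert_dns_names if name_matches(n, hostname)]

def report(cert_dns_names, hostname):
    """One-line verdict of the kind a browser warning summarises."""
    hits = covering_names(cert_dns_names, hostname)
    if hits:
        return f"{hostname}: OK, covered by {', '.join(hits)}"
    names = ", ".join(cert_dns_names)
    return f"{hostname}: MISMATCH, certificate only covers {names}"

# Names the browser reported for the certificate served on https://othermod.com
SHARED_HOST_CERT = ["*.ehosts.com", "ehosts.com"]
# Constructed for comparison: names a certificate issued for the store
# itself would carry (the www name is an assumption).
SITE_CERT = ["othermod.com", "www.othermod.com"]

if __name__ == "__main__":
    for cert in (SHARED_HOST_CERT, SITE_CERT):
        for host in ("othermod.com", "www.othermod.com"):
            print(report(cert, host))
```
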
othermod
Estimable Member
Joined: 8 months  ago
Posts: 172
February 16, 2017 12:00 am  
Posted by: lawrence.erb

 

I just pre-ordered the PSP 1000 version 3 kit, and while it is good that the actual payment info through PayPal is going through HTTPS, the actual process of creating an account and logging in to your site as well as the order info up to payment is apparently all in plaintext.

When I noticed that, I tried to type in "https://othermod.com" and the browser notified me that the cert received was incorrect, being issued for "*.ehosts.com, ehosts.com", which I assume is your hosting provider.

I would assume then that everyone has been using plaintext.  There are a number of risks associated with that.  Users might be reusing passwords that could then be sniffed by a malicious third party, for just one example.

Let's Encrypt (https://letsencrypt.org/) is able to provide free SSL certificates if the cost of a full commercial SSL cert for your domain is currently beyond what you can afford.

   

Correct. That is why no sensitive information is currently stored on the site, and is the reason PayPal is used as the secure payment method. That being said, SSL will eventually be implemented.


lawrence.erb
New Member
Joined: 7 months  ago
Posts: 3
February 16, 2017 12:14 am  

Good to hear you already plan to do so.  If what's holding you back is finding time to do it, I understand, but since you're running a storefront I'd recommend sooner than later.  If you aren't quite sure how to get it set up, feel free to email me with any questions about the process.  I deal with this stuff all the time.


othermod
Estimable Member
Joined: 8 months  ago
Posts: 172
May 12, 2017 12:01 am  

It's implemented now.


lawrence.erb
New Member
Joined: 7 months  ago
Posts: 3
May 12, 2017 12:12 am  

Awesome!

