I just pre-ordered the PSP 1000 version 3 kit, and while it is good that the actual payment info through PayPal is going through HTTPS, the actual process of creating an account and logging in to your site, as well as the order info up to payment, is apparently all in plaintext.
When I noticed that, I tried to type in "http://othermod.com" and the browser notified me that the cert received was incorrect, being issued for "*.ehosts.com, ehosts.com", which I assume is your hosting provider.
I would assume then that everyone has been using plaintext. There are a number of risks associated with that. Users might be reusing passwords that could then be sniffed by a malicious third party, for just one example.
Let's Encrypt (https://letsencrypt.org/) is able to provide free SSL certificates if the cost of a full commercial SSL cert for your domain is currently beyond what you can afford.
Correct. That is why no sensitive information is currently stored on the site, and is the reason PayPal is used as the secure payment method. That being said, SSL will eventually be implemented.
Good to hear you already plan to do so. If what's holding you back is finding time to do it, I understand, but since you're running a storefront I'd recommend sooner than later. If you aren't quite sure how to get it set up, feel free to email me with any questions about the process. I deal with this stuff all the time.
It's implemented now.
Awesome!