HTTPS - International Association of Penturners
     International Association of Penturners
Pens for Service Members
 
Support The IAP

Go Back   International Association of Penturners > Community Forums > Casual Conversation
  Forgot Password
Register FAQ Members List Search Today's Posts Mark Forums Read
Casual Conversation Off-topic, general chat.


Logged on members can hide ads!

Welcome to penturners.org!

You've found the home of The International Association of Penturners. You are currently viewing our site as a guest, which gives you limited access to view discussions, photos, and library articles.

Consider joining our community today. You'll have full access to all of our content, be able to enter our contests, find local chapters near you, and post your questions and share your experience with our members all over the world.

Membership is completely free!!

If you have any problems with the registration process or your account login, please contact us.

Reply
 
LinkBack Thread Tools Display Modes
Old 03-17-2017, 09:55 AM   #1 (permalink)
 
rd_ab_penman's Avatar
 
Join Date: Jun 2007
Location: Red Deer, Alberta, Canada.
Posts: 1,228
Photos: 8

Default HTTPS

I have noticed that more and more pen turning / wood sites are making their sites more secure by upgrading with HTTPS.
Why not make API site more secure?

Les
__________________
Innovation is the process that renews something that already exists and not, as is commonly assumed, the introduction of something new.
rd_ab_penman is offline   Reply With Quote Top
Old 03-17-2017, 12:19 PM   #2 (permalink)
 
Join Date: Sep 2006
Location: Tellico Plains, Tennessee, USA.
Posts: 7,004
Photos: 1

Default

Firefox tells me everytime I log in that this is an unsecure log in....
__________________
Chuck
Tellico Plains, TN
https://www.etsy.com/shop/TellicoTurnings

If you look for trouble, it will find you!
TellicoTurning is offline   Reply With Quote Top
Old 03-18-2017, 09:53 AM   #3 (permalink)
 
rd_ab_penman's Avatar
 
Join Date: Jun 2007
Location: Red Deer, Alberta, Canada.
Posts: 1,228
Photos: 8

Default

Yes, IAP is an unsecured site.

Les
__________________
Innovation is the process that renews something that already exists and not, as is commonly assumed, the introduction of something new.
rd_ab_penman is offline   Reply With Quote Top
Advertisement
Old 03-18-2017, 10:40 AM   #4 (permalink)
Administrator
 
jeff's Avatar
 
Join Date: Dec 2003
Location: Westlake, OH, USA.
Posts: 7,311
Photos: 58

Default

Quote:
Originally Posted by rd_ab_penman View Post
Yes, IAP is an unsecured site.

Les
That project is underway, but I wanted to wait until after the bash. I've been working some long days, so it hasn't happened yet. We also have a few things installed that are going to break with https, and I want to make sure I am able to fix them quickly.

Since we don't process any financial transactions, I don't think it's critical, but I agree it's annoying to see the box pop up and tell you.
__________________
Jeff Brown in Westlake, Ohio, USA
jeff is offline   Reply With Quote Top
Old 03-18-2017, 11:24 AM   #5 (permalink)
Local Chapter Manager
 
ed4copies's Avatar
 
Join Date: Mar 2005
Location: Racine, WI, USA.
Posts: 23,209
Photos: 27

Default

Financial transactions ie donations, are handled through Paypal, so there is no doubt your donations are safe!! (I"m sure this was the major concern)
ed4copies is offline   Reply With Quote Top
Old 03-19-2017, 07:03 AM   #6 (permalink)
 
edstreet's Avatar
 
Join Date: Aug 2007
Location: No longer confused....
Photos: 2

Default

Many make the claim that PayPal is secure therefore my site does not have to be. They can't be further from the truth. It is very possible to leech data from unsecured sites and use as a launch pad for a good many things like identity theft. It's easier when the site is unsecured. Layered security offers t he best protection and even against PayPal and banks it helps in the grand scheme of things. When you see the back end of merchant processing and the liability sides you really understand at that point why it's a very good idea to secure your site. By merchants processing in not referring to linking PayPal to your website but am rendering to processing charges at the banks end.

Sent from my SAMSUNG-SM-T377A using Tapatalk
__________________
Anyone can COPY, it takes a *TRUE ARTIST* to CREATE

-- In times of universal deceit, telling the truth becomes a revolutionary act.

Design your own Polymer Clay Pen Blanks by Toni, Detailed 'CA' Article
edstreet is offline   Reply With Quote Top
Old 03-19-2017, 08:45 AM   #7 (permalink)
 
walshjp17's Avatar
 
Join Date: Jul 2012
Location: Weddington, NC
Posts: 2,754
Photos: 5

Default

IIRC (and it has been many years since I last dealt with InfoSec), on an unsecured site your passwords are passed to the IAP server in the clear - that is, unencrypted. Assuming you use the same password for other sites (not a good idea) you could be compromising your laptop/PC/Mac/smartphone/tablet, etc.
__________________
ZipIt!

John
USN (Ret)
Carolina Piedmont Chapter
walshjp17 is offline   Reply With Quote Top
Old 03-19-2017, 09:13 AM   #8 (permalink)
 
edstreet's Avatar
 
Join Date: Aug 2007
Location: No longer confused....
Photos: 2

Default

Not only your password but bio which is causes a chain reaction for identity theft. The setup is called DDE, dynamic data exchange. App A communications with the browser and sucks data from your usage. Encrypted sites helps retard that exchange but will not block it. Security is an onion, it's in layers and layers and layers. Peel the onion and you gain access unauthorized and illegally. Browser companies are becoming more militant (rightly so to) about adding more layers of the onion. Also keep in mind they get request for data from users and are under a gag order about disclosing the volumes of request. This is exactly why google and Apple encrypted the services so they are unable to grant that access. The final issue is the piedmont tools were stolen and also sold to foreign nationals which allows them free access to your devices. Better reasons still to encrypt and watch security.

Besides what harm will you be doing by adding layers of security, I see a ton more benefits than anything bad or negative, just need to get the crowd who snubs noses at the notion to wake up and see reality.
__________________
Anyone can COPY, it takes a *TRUE ARTIST* to CREATE

-- In times of universal deceit, telling the truth becomes a revolutionary act.

Design your own Polymer Clay Pen Blanks by Toni, Detailed 'CA' Article
edstreet is offline   Reply With Quote Top
Old 03-19-2017, 09:46 AM   #9 (permalink)
 
jttheclockman's Avatar
 
Join Date: Feb 2005
Location: NJ, USA.
Photos: 68

Default

Welcome to the new world How many web site that sell their wares are secured to that point where they can not be hacked??? How many times are we bombarded by ads that contain tracking info?? How many times do you go to the store and pull out that card to make your purchase and not knowing who or what is recording you?? How many times do you step out the front door and not know who is watching?? The list goes on and on. At some point you have to trust someone. We can not live in a bubble. The world is evolving. For every new security feature added a way to break it is developed. We just have to try to be more diligent and aware of what we do. Try not to be so complacent of your surroundings and that includes entering and exiting forums or web sites. Do not put all your eggs in one basket is a good axiom to follow.
__________________
John T.
jttheclockman is offline   Reply With Quote Top
Old 03-19-2017, 11:12 AM   #10 (permalink)
Administrator
 
jeff's Avatar
 
Join Date: Dec 2003
Location: Westlake, OH, USA.
Posts: 7,311
Photos: 58

Default

Quote:
Originally Posted by edstreet View Post
...snip...
Besides what harm will you be doing by adding layers of security, I see a ton more benefits than anything bad or negative, just need to get the crowd who snubs noses at the notion to wake up and see reality.
Since this thread is about SSL at IAP, I have to make the connection that you're claiming that I'm snubbing my nose at security. That's false. The implication that I don't care isn't correct. It hasn't happened yet because I am trying to fully understand what things SSL will break and develop a plan to fix them. Lots of things in life are great ideas, but it's important to understand the unintended consequences and have a plan to mitigate them.
__________________
Jeff Brown in Westlake, Ohio, USA
Likes: (1)
jeff is offline   Reply With Quote Top
Related Content
Logged on members can hide ads
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -5. The time now is 01:49 PM.

Powered by vBulletin® Version 3.7.6
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.6.0

Content Copyright © 2003-2016 by Penturners.org, LLC; All Rights Reserved
Terms Of Service   Acceptable Use Policy