Session Security

GMARTIN
Joined: 01/24/2011 - 08:47
Session Security

I think it would be good to get this on the FAQ because I would expect this question to arise...

All the browser links are operating on pure HTTP, so userid & password go via the Internet in clear text, as do the other pages. This perhaps isn't a major issue for a lot of info, but for personal data such as address/phone/DOB it's not ideal. OK - so this is only a singing group application; does it really need such security? Well, only each chorus can probably answer that question, but I can't imagine it's that expensive to get an SSL certificate for the server.

Sorry if I missed something but let me know if I've missed that this is an option.

Glenn

admin
Joined: 04/22/2012 - 08:04
You are correct - it's not https right now because of the expense and complexity of an appropriate certificate.  Ultimately I'd like to make the login page enforce https, at least.  If this was a banking application, it would have been done already!  :)

Tom

GMARTIN
Joined: 01/24/2011 - 08:47

Tom - completely understand the complexity side of things but would assume that by now you've got a reasonable number of groups on Groupanizer and I'm sure you'll get more given how useful the service is... but...

I know we're not talking about a banking application but there are some key pieces of information that are likely to be transmitted over HTTP such as DOB and partners' names, not to mention phone & address details. I'll take it as a given that the actual data is secure enough whilst in the DB on the server but anything going over HTTP is open for interception and could be used for nefarious purposes. (OK, call me Mr. Paranoid)

So please, if we're paying for a service, is it too much to ask for you to spend a couple of hundred dollars and get a certificate and provide a basic level of security? Geotrust do one which would cover all domains and this is only $149.

http://www.geotrust.com/ssl/ssl-certificates-premium/

Thanks

Glenn

admin
Joined: 04/22/2012 - 08:04
Definitely something I want to do.  If that $150 cert can really cover all my subdomains, I will jump on it.  It's hard to tell with a quick read.  Does it seem to you that the cert would cover chorusone.groupanizer.com, chorutwo.groupanizer.com, etc.?  Or would that require their multi-cert option for $500?

T

IanHarrop
Joined: 12/15/2010 - 07:59
My read of this

Ian Harrop
Western Hospitality Singers www.sing4fun.ca
Alberta Sport Parachuting Association www.aspa.ca
ian.harrop@live.com
