Discussion Forum: Thread 206445 |
|
|
| | Author: | tylerawalters | Posted: | Jun 9, 2016 08:31 | Subject: | Why isn't the main page secure (https)? | Viewed: | 169 times | Topic: | Suggestions | Status: | Implemented | |
|
| As far as I know, the main page has never been secure – at least not as long
as I've been a member. Given that this is where most people log in, this
is a huge problem. Their credentials are being sent over an unsecured connection.
Given that this site has had hacking issues in the past, one would think that
this would have been addressed by now. I'm disappointed to see in the new
design that this issue has not been addressed.
Not only is this bad for Bricklink's current users, but it makes the site
look amateurish to potential members, which in turn keeps them from being customers.
Please address this as soon as possible. Security shouldn't be seen as an
optional feature. It should be seen as mandatory for every site.
|
|
|
| | | | | |
| | | | Author: | cosmicray | Posted: | Jun 9, 2016 09:13 | Subject: | Re: Why isn't the main page secure (https)? | Viewed: | 50 times | Topic: | Suggestions | |
|
| In Suggestions, tylerawalters writes:
| As far as I know, the main page has never been secure – at least not as long
as I've been a member. Given that this is where most people log in, this
is a huge problem. Their credentials are being sent over an unsecured connection.
Given that this site has had hacking issues in the past, one would think that
this would have been addressed by now. I'm disappointed to see in the new
design that this issue has not been addressed.
Not only is this bad for Bricklink's current users, but it makes the site
look amateurish to potential members, which in turn keeps them from being customers.
Please address this as soon as possible. Security shouldn't be seen as an
optional feature. It should be seen as mandatory for every site.
|
In the year of our lord 2016, this is an absolute necessary item.
Ray
|
|
|
| | | | | | | | | |
| | | | | | Author: | tGo_lego | Posted: | Jun 9, 2016 14:55 | Subject: | Re: Why isn't the main page secure (https)? | Viewed: | 37 times | Topic: | Suggestions | |
|
| agree 1000% |
|
| | | | | |
| | | | Author: | therobo | Posted: | Jun 9, 2016 16:40 | Subject: | Re: Why isn't the main page secure (https)? | Viewed: | 62 times | Topic: | Suggestions | |
|
| In Suggestions, tylerawalters writes:
| As far as I know, the main page has never been secure – at least not as long
as I've been a member. Given that this is where most people log in, this
is a huge problem. Their credentials are being sent over an unsecured connection.
Given that this site has had hacking issues in the past, one would think that
this would have been addressed by now. I'm disappointed to see in the new
design that this issue has not been addressed.
Not only is this bad for Bricklink's current users, but it makes the site
look amateurish to potential members, which in turn keeps them from being customers.
Please address this as soon as possible. Security shouldn't be seen as an
optional feature. It should be seen as mandatory for every site.
|
I already addressed that when they released the preview site.
I was told that this is not part of the redesign.
My workaround is to have a bookmark to MyBrickLink.
If not logged in it gives you a https login page (as it used to).
|
|
|
| | | | | | | | | |
| | | | | | Author: | ToddMyers | Posted: | Jun 9, 2016 19:31 | Subject: | (Cancelled) | Viewed: | 49 times | Topic: | Suggestions | |
|
| (Cancelled) |
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | therobo | Posted: | Jun 10, 2016 05:03 | Subject: | Re: Why isn't the main page secure (https)? | Viewed: | 39 times | Topic: | Suggestions | |
|
| In Suggestions, ToddMyers writes:
| In Suggestions, therobo writes:
| I was told that this is not part of the redesign.
|
Between this gem and the comment from Bricklink to another user that mobile views
are not supported by the site, I'm just blown away by the sheer incompetence
of it all. Whoever made these two decisions should be escorted off the premises.
Is there such a thing as web development malpractice?
SMH
|
Original quote:
"The security issue has not been neglected. However, we cannot tackle all
issues at once. This has by no means been de-prioritized. It just means that
it is simply not a part of the project you are speaking about. The preview release
is simply the preview release and is meant as a face-lift to bring the website
up to modern times and make it easier for new users. The security issue will
be addressed separately, but it is most definitely not being ignored. This is
just protocol. If we were to try to address all issues at once there would be
no organization among the company."
|
|
|
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | Author: | ToddMyers | Posted: | Jun 10, 2016 07:03 | Subject: | (Cancelled) | Viewed: | 40 times | Topic: | Suggestions | |
|
| (Cancelled) |
|
| | | | | | | | | | | | | |
| | | | | | | | Author: | WoutR | Posted: | Jun 10, 2016 17:21 | Subject: | Re: Why isn't the main page secure (https)? | Viewed: | 37 times | Topic: | Suggestions | |
|
| In Suggestions, ToddMyers writes:
| In Suggestions, therobo writes:
| I was told that this is not part of the redesign.
|
Between this gem and the comment from Bricklink to another user that mobile views
are not supported by the site, I'm just blown away by the sheer incompetence
of it all. Whoever made these two decisions should be escorted off the premises.
Is there such a thing as web development malpractice?
SMH
|
Looking at how many features on the new design depend on hovering over an item,
I am not surprised that there is no support for anything mobile, tablet or using
touch screen.
Did we just upgrade from 1999 to 2006?
|
|
| | | | | | | | | |
| | | | | | Author: | tylerawalters | Posted: | Jun 9, 2016 20:40 | Subject: | Re: Why isn't the main page secure (https)? | Viewed: | 51 times | Topic: | Suggestions | |
|
| That's not an acceptable answer. I just go to another page too, but most
people will not. The fact they have secure methods of logging in means they have
the capability to do it here as well. Any hole in security makes all of us insecure
– not just those who log in with the insecure page.
Security is a requirement for all sites. This is not something that should ever
be seen as optional. Ever.
This is highly disappointing.
In Suggestions, therobo writes:
| In Suggestions, tylerawalters writes:
| As far as I know, the main page has never been secure – at least not as long
as I've been a member. Given that this is where most people log in, this
is a huge problem. Their credentials are being sent over an unsecured connection.
Given that this site has had hacking issues in the past, one would think that
this would have been addressed by now. I'm disappointed to see in the new
design that this issue has not been addressed.
Not only is this bad for Bricklink's current users, but it makes the site
look amateurish to potential members, which in turn keeps them from being customers.
Please address this as soon as possible. Security shouldn't be seen as an
optional feature. It should be seen as mandatory for every site.
|
I already addressed that when they released the preview site.
I was told that this is not part of the redesign.
My workaround is to have a bookmark to MyBrickLink.
If not logged in it gives you a https login page (as it used to).
|
|
|
|
| | | | | | | | | |
| | | | | | Author: | tylerawalters | Posted: | Jun 9, 2016 20:55 | Subject: | (Cancelled) | Viewed: | 33 times | Topic: | Suggestions | |
|
| (Cancelled) |
|
|
|
|
|