Protect the DUC
To protect the DUC and its Members & Moderators, may I suggest changing:
http://duc.avid.com/register.php to https://duc.avid.com/register.php and http://duc.avid.com/index.php to https://duc.avid.com/index.php This Thread prompted this Post: Fraudulent Avid Website Identified! http://duc.avid.com/showthread.php?t=413711 |
Re: Protect the DUC
Quoting from:
https://www.securitymetrics.com/blog...sites-insecure "Are HTTP Websites Insecure? HTTP vs. HTTPS: One little letter can make a lot of difference If you’ve never paid attention to the browser URL while surfing the Internet, today is the day to start. At the prefix of each website URL, you’ll usually see either HTTP or HTTPS. One shows the site you are on is secure (HTTPS), and the other does not (HTTP). In terms of security, HTTP is completely fine when browsing the web. It only becomes an issue when you're entering sensitive data into form fields on a website. If you're entering sensitive data into an HTTP web page, that data is transmitted in cleartext and can be read by anyone. ... And those customers data is insecure.” When we register on the DUC: http://duc.avid.com/register.php? |
Re: Protect the DUC
Converting my website was pretty trivial.
|
Re: Protect the DUC
Thank you, Avid, for converting the DUC’s prefix to https://
|
Re: Protect the DUC
Looks like "half-fixing" it appears ...
Now seeing both http://duc.avid.com/ and https://duc.avid.com/ Typing Avid DUC Forum in Google goes to: (Not secure) http://duc.avid.com/ However, typing in URL space https://duc.avid.com/ gets to the “safe” DUC So any new potential Member who Googles Avid DUC Forum then clicks up top on “How to Join & Post” will be entering their personal details on the (Not secure) http://duc.avid.com/ Conclusion: still needs fixing! |
Re: Protect the DUC
Yes should have been announced, and a redirect from http to https set up. There is no real fix until the unprotected site goes away. But maybe Avid is planning on doing that and we just jumped the gun?
|
Re: Protect the DUC
Been a while since I registered, but I don't remember the DUC asking for any personal (dangerous) information it self that was required, nor CC # social security or anything that could very well be used to usurp identity.
Not saying it's not a good thing they did go to HTTPS, but there's no real personal data here. |
Re: Protect the DUC
https could potentially reduce spam posts, though
|
Re: Protect the DUC
Quote:
|
Re: Protect the DUC
Quote:
|
All times are GMT -7. The time now is 09:49 AM. |
Powered by: vBulletin, Copyright ©2000 - 2008, Jelsoft Enterprises Limited. Forum Hosted By: URLJet.com