LumberJocks

Will you ever enable https?


Forum topic by mtkate posted 05-23-2011 11:10 AM 1042 views 0 times favorited 7 replies

mtkate

2049 posts in 2788 days


05-23-2011 11:10 AM

Hey,

I keep on loving this site – and hoping some day you can add that small extra layer of security so we are not all logging in with plain text.

No offence to the other LJs, but I know many don’t understand the significance of this and it would be a shame if personal information got compromised by accident.

I am truly amazed there has not been a horrible incident – so kudos to however you are managing it now but the luck cannot last.

Thoughts for improvement…. will make all us paranoid techies feel a touch less exposed ;)

Merci for the consideration.


7 replies so far


Alan S

178 posts in 2780 days


#1 posted 05-23-2011 05:29 PM

I vote for this too! Password security is definitely something to take seriously.

Alan


Bertha

13003 posts in 2156 days


#2 posted 05-23-2011 05:34 PM

There’s a lot of traffic here. I certainly wouldn’t want to be in charge of wrangling it!

-- My dad and I built a 65 chev pick up.I killed trannys in that thing for some reason-Hog


GregD

783 posts in 2599 days


#3 posted 05-23-2011 07:05 PM

What personal information? Email address? The information I’ve given to LJ is not very sensitive and I suspect that is typical.

Now, re-using your LJ password for your online bank or other site with actual sensitive data would be a big risk, but for far more reasons than the plain text passwords.

What am I missing?

-- Greg D.


dbhost

5605 posts in 2695 days


#4 posted 05-23-2011 07:15 PM

In the IT security world, the question isn’t “Are you paranoid?” The question is… “Are you paranoid enough?”

I know that sounds like an odd thing to say, but the point is, the OP is right, it would be best to be proactive in security, instead of reactive. The big issue would be obtaining the SSL certificate in the first place. You either have to get one from a “trusted” certificate authority like Thawte, which for a small operation can be cost prohibitive, or get your users to add an untrusted authority in their browsers, which many security conscious users will refuse to do…

-- My workshop blog can be found at http://daves-workshop.blogspot.com


SteveMI

954 posts in 2757 days


#5 posted 05-23-2011 07:17 PM

What would be the value of a password to get on LJ?

As Greg D points out, an email or website address is all that is available.

If you are concerned, join under an alias with a gmail account.

Steve


Alan S

178 posts in 2780 days


#6 posted 05-24-2011 10:11 PM

I’m not talking about requiring a password to view lumberjocks, and I don’t think mtkate is either. The problem occurs when you do decide to log in.

The point is, a huge number of people use the same password for every computer account they own. This isn’t a good policy, but it happens. So, if someone’s LJ password gets compromised that is the same as their email password, an attacker can get into their email, which is a dangerous thing.

Alan


Dan Lyke

1510 posts in 3588 days


#7 posted 05-25-2011 12:56 AM

I’m with GregD and SteveMI: If you’re using the same password on LumberJocks as on higher value sites, then you’re engaging in risky behavior that LumberJocks enforcing https will not protect you from.

-- Dan Lyke, Petaluma California, http://www.flutterby.net/User:DanLyke
