Welcome to ECCIE - Sign up today!

iowadodger80 · 12-10-2015, 09:26 AM

This site really needs https access to be setup and to be the default. Also, are the account passwords hashed and salted in the database? Inquiring minds want to know.

These simple changes would make the site more secure.

TheProphetJosephSmith · 12-12-2015, 11:52 AM

I was thinking/ wondering the same thing.

Guest122916 · 12-12-2015, 07:31 PM

That's something that would give oneself a piece of mind.

silksmooth · 12-13-2015, 02:17 PM

As long as you aren't using the same login asnother site or using identifying information you should be fine. Worst thing happens is someone hacks into your account. It's not like we're storing credit card info or socials or anything like that on here.

Gotyour6 · 12-14-2015, 05:29 PM

Yes, because on a public forum where you talk about hookers is a concern.

They will hack my account and talk nice to people.

Then they will lock it because they know it wasn't me.

tandyscone · 12-14-2015, 07:53 PM

Given that this issue was first raised in 2010, and that https is not very difficult to implement, I would say that the owners of the site are probably not going to do anything about it. If large numbers of members started dropping off the site because of no https, and if the owners realized that it was because of the lack of https, we would probably see pretty quick implementation of it. But it looks like most people either don't care, or just make sure that they don't use their password at any other sites.

iowadodger80 · 12-20-2015, 12:56 AM

Quote:

Originally Posted by silksmooth

As long as you aren't using the same login asnother site or using identifying information you should be fine. Worst thing happens is someone hacks into your account. It's not like we're storing credit card info or socials or anything like that on here.

No offense, but your reply has nothing to do with the original post. Just because financial data isn't stored isn't a reason to not encrypt communications of the website.

PsychedelicMut · 12-24-2015, 10:00 AM

Quote:

Originally Posted by iowadodger80

No offense, but your reply has nothing to do with the original post. Just because financial data isn't stored isn't a reason to not encrypt communications of the website.

Agreed!

'https" is minimal security. If the tech staff doesn't understand that, they're inadequately trained regarding security. It is the site's responsibility to make a reasonable effort to ensure its own integrity.

As for passwords, even if users have the same one on other sites, they expect eccie to guard against leaking them to the cyber world.

Saying that the owners won't change security unless they start losing clients is the same as saying "If the users don't care eccie doesn't care. Let them defend themselves." Users don't necessarily have the expertise to understand internet vulnerabilities and shouldn't be expected to. Besides, I am certain that all members would be significantly upset if a hacker revealed all email addresses, links, posts, PMs, etc. They give the site their ID and password and assume the site will protect their information. This assumption is certainly valid.