
1 - 19 of 19 Posts

·
Registered
Joined
·
72 Posts
Discussion Starter #1
Please implement SSL or HTTPS,
because passwords, user credentials are stored in plaintext.

It's 2016, going on 2017.

IBM's SoftLayer Technologies has certificates for their hosting, why are you not using them???
 

·
Administrator
Joined
·
624 Posts
passwords are not stored plain text, they're md5 encrypted with unique double salts but we are working on updating to SSL

Kyle
 

·
Registered
Joined
·
4,011 Posts
The second URL isn't really very applicable, and the first describes a process of getting a certificate signed by a Certificate Authority that was bought by another CA that is known to sign bogus certificates and consequently *both* of the CAs are no longer trusted by Chrome, Mozilla, or Safari.

Basically, the only "help" that's needed for this, I'm sure, is someone to come up with five hundred dollars a year to get a certificate from a good CA. That's just how much money it costs to be trustworthy these days.
 

·
Registered
Joined
·
49 Posts
> passwords are not stored plain text, they're md5 encrypted with unique double salts but we are working on updating to SSL
>
> Kyle

But none of that matters when the password is sent over the internet in plaintext.

I would highly suggest that all users have a unique password for gm-volt that they don't use anywhere else.

Let's Encrypt is one option (with pros and cons) for getting HTTPS. Pro: Free, Con: Not trusted by IE(?)
 

·
Administrator
Joined
·
624 Posts
Adding HTTPS to the site has always been on the "to-do" list, but it's being pumped up in priority, mostly to keep the site's reputation as a safe place. We have a very large network and a few other company-wide rollouts in progress right now. We never had and still don't have an exact ETA on that, but we will let you know when the process starts.

Your continued patience and understanding is greatly appreciated.


Cheers,
Nate
 

·
Registered
Joined
·
4,011 Posts
lol three weeks later..
It's not just a setting to turn on. You need an SSL certificate. Which costs a couple hundred bucks a year. Which needs a verifiable issuing organization. Which means you need to have a business presence, which means you need at least an LLC incorporation. Which means filing a non-zero amount of paperwork with various government agencies, all of whom want time and/or money to make things happen. Could it be done in three weeks? Sure, with enough money thrown at the problem. Less money means taking more time. "Free" SSL certs have other requirements that maybe can't be met in a hosted environment.
 

·
Administrator
Joined
·
624 Posts
Hey,

As Nate said, we're working on rolling out HTTPS across our whole network. Unfortunately, as our network is so big, it's taking longer than we'd like to work it out. Once we know more we'll let you know.

Niall
 

·
Administrator
Joined
·
20,215 Posts
> It's not just a setting to turn on. You need an SSL certificate.

That used to be the case. There are now free SSL cert services out there. Our company has made use of that for thousands of domains and sub-domains.
 

·
Registered
Joined
·
872 Posts
> That used to be the case. There are now free SSL cert services out there. Our company has made use of that for thousands of domains and sub-domains.

Yep, I use Let's Encrypt for my sites. The only downside is that it's a little cumbersome to set up initially, and you have to renew them every 3 months (instead of every so many years like paid-for certs), but it does provide trusted certificates to allow anybody to use HTTPS.
 

·
Administrator
Joined
·
624 Posts
I'm personally not part of the team that's testing HTTPS, but from what I've been told we're running into hurdles with HTTPS breaking one feature after another when activated. First photos, then ads, then PMs. Site wasn't designed with HTTPS in mind, so adding it on is proving a bit of a trial. Still, it'll get sorted in time.

Kevin
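
An added example, not part of any post in this thread and not the forum's own code: a Python check for the two transport problems raised above, a password form that submits over plain HTTP and subresources loaded over http:// from an HTTPS page. That the breakage described is this kind of mixed-content blocking is an assumption (the thread does not say), and the sample HTML and the example.test hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute loads a subresource (mixed content when http:// on an HTTPS page).
SUBRESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}


class TransportAudit(HTMLParser):
    """Collects password forms that submit over HTTP and http:// subresources."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = None      # resolved action of the form being parsed
        self.insecure_logins = []    # form actions that carry a password over HTTP
        self.mixed_content = []      # (tag, url) loaded over HTTP from an HTTPS page

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":  # a missing action submits to the page's own URL
            self.form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self.form_action and urlparse(self.form_action).scheme != "https":
                self.insecure_logins.append(self.form_action)
        elif tag in SUBRESOURCE_ATTRS and a.get(SUBRESOURCE_ATTRS[tag]):
            url = urljoin(self.page_url, a[SUBRESOURCE_ATTRS[tag]])
            if urlparse(self.page_url).scheme == "https" and urlparse(url).scheme == "http":
                self.mixed_content.append((tag, url))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None


def audit(page_url, html):
    parser = TransportAudit(page_url)
    parser.feed(html)
    return parser.insecure_logins, parser.mixed_content

# Constructed sample page; example.test is a placeholder host.
SAMPLE = """
<form action="/login.php"><input type="text" name="user"><input type="password" name="pass"></form>
<img src="http://img.example.test/photo.jpg">
<script src="https://cdn.example.test/app.js"></script>
<iframe src="//ads.example.test/slot"></iframe>
"""

if __name__ == "__main__":
    for scheme in ("http", "https"):
        print(scheme, audit(f"{scheme}://forum.example.test/index.php", SAMPLE))
```

Served over HTTP the sample page is flagged for its login form; served over HTTPS the form is fine and the hard-coded http:// image is what gets reported, while the protocol-relative iframe follows the page's scheme.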
 

·
Registered
Joined
·
72 Posts
Discussion Starter #18 (Edited)
Seriously tho: Chevrolet Customer Service asks for direct messages with personal info. Members trade info to buy/sell things. Do I have to spell out the importance here?

Come on over to /r/Volt
the water's fine!
 

·
Administrator
Joined
·
624 Posts
If adding it is going to break the site then, unfortunately, testing is needed to make sure the site is working. We'll update you as soon as we know more.

Niall
 