Site security

#14
Seems I accidently replied to a copy of this thread instead of the real thing. Here is what I said.

I don't have access to the hosting so I can't be certain but, in my view, the security of the site is appropriate for what it is. There should be no details on here about people's financials. No card numbers, no account details. No-one would think of using a banking password for logon to another site. I know Boab is currently looking for alternative hosting and that there is a newer release of XenForo to be implemented so no doubt SSL will be along soon. I wouldn't worry about your PayPal address being here just so long as you don't post the password too.
 
#16
found a lot of info here http://cmsdaily.com/how-to-migrate-xenforo-forum-from-http-to-https/

"Why HTTPS?
In short, there are some advantages of migrating your Xenforo forum to HTTPS:
More secure, Member feels safe, Avoid getting “Not Secure” on Google Chrome 56 and above, Avoid getting “!” mark (not secure symbol) in another browser, HTTPS is one of search ranking signals which could help your SEO"

Getting a certificate is easy but the actual migration is looking rather complicated
 
Last edited:
#17
Got a pm from nick. He said admin are looking at it...
and....... ? Surely by now somebody at the top of the tree could have at least commented. YOU have a response to a PM. OK. So why do THEY not put out a thread to keep this updated as to what IS happening? I do not wish to stir the proverbial but this is worrying, especially to us old buggers who may not understand it all. I have been watching this thing hoping something will be 'put right' and very soon but nothing has happened. Somebody questions ( quite rightly ) an outrageous piss taking ( mild compared to other posts here not deleted ) 'for sale' item elsewhere and there are fireworks.

Admin, for the sake of those of us who do not perhaps understand the complete implications of this - PLEASE respond OPENLY.
 
#19
and....... ? Surely by now somebody at the top of the tree could have at least commented. YOU have a response to a PM. OK. So why do THEY not put out a thread to keep this updated as to what IS happening? I do not wish to stir the proverbial but this is worrying, especially to us old buggers who may not understand it all. I have been watching this thing hoping something will be 'put right' and very soon but nothing has happened. Somebody questions ( quite rightly ) an outrageous piss taking ( mild compared to other posts here not deleted ) 'for sale' item elsewhere and there are fireworks.

Admin, for the sake of those of us who do not perhaps understand the complete implications of this - PLEASE respond OPENLY.
I have replied above - completely openly.

I do not have access to control of the hosting environment so cannot make the changes myself. Arrangements are being made and the change to SSL will happen as soon as possible.

I am unsure why an adversarial tone is being adopted here but it seems to me that BST rules have little relevance to site security.

Please remember that staff cannot read everything. This is not a full-time job! Please PM if you think urgent attention is needed. I will move this thread to Feedback, with a redirect where it will receive more attention.

And, for the record there is no 'THEY', just 'WE'!
 
Last edited:
Top