Comments on: It’s a question of trust… http://domsparks.wordpress.com/2009/01/11/its-a-question-of-trust/ for what it's worth... Tue, 13 Jan 2009 18:16:37 +0000 http://wordpress.com/ hourly 1 By: Losing faith in the software startup community… « Dominic Sparks http://domsparks.wordpress.com/2009/01/11/its-a-question-of-trust/#comment-7 Losing faith in the software startup community… « Dominic Sparks Tue, 13 Jan 2009 01:38:01 +0000 http://domsparks.wordpress.com/?p=48#comment-7 [...] a comment » Further to my previous entry “It’s A Question Of Trust”, and comments thereon, I have done a little further research into the blatant disregard for [...] [...] a comment » Further to my previous entry “It’s A Question Of Trust”, and comments thereon, I have done a little further research into the blatant disregard for [...]

]]> By: domsparks http://domsparks.wordpress.com/2009/01/11/its-a-question-of-trust/#comment-6 domsparks Mon, 12 Jan 2009 01:45:52 +0000 http://domsparks.wordpress.com/?p=48#comment-6 Hi Nick, thanks for the response. I guess that's the reason those other sites only secure their login-post action. I suppose the only downside is the lack of a padlock, but if your site has a reputation as being trustworthy maybe it's enough to simply say that it is secure, e.g. by having a button that says 'Secure Login', much like Amazon do on their login page... In the mean time, I'm now going to concentrate my efforts on trying to improve my twitorfit rating. I can live with the security issues, but not so much with my inexplicably low score. Are you sure the Maths are correct on this site? :-) Cheers, Dominic. Hi Nick, thanks for the response.
I guess that’s the reason those other sites only secure their login-post action. I suppose the only downside is the lack of a padlock, but if your site has a reputation as being trustworthy maybe it’s enough to simply say that it is secure, e.g. by having a button that says ‘Secure Login’, much like Amazon do on their login page…

In the mean time, I’m now going to concentrate my efforts on trying to improve my twitorfit rating. I can live with the security issues, but not so much with my inexplicably low score. Are you sure the Maths are correct on this site? :-)

Cheers,
Dominic.

]]> By: Nick Halstead http://domsparks.wordpress.com/2009/01/11/its-a-question-of-trust/#comment-4 Nick Halstead Mon, 12 Jan 2009 00:00:09 +0000 http://domsparks.wordpress.com/?p=48#comment-4 Hi Dominic, Completely correct, for something like twitorfit (and thousands of others) it is a lot of extra work to put SSL behind it. But fav.or.it *should* have been done ages ago, we have a SSL certificate, but like you I took it that so many sites were *not* using SSL due to the lack of the padlock. And given other priorities we never went back and sorted it, we only just moved to making 'all' authentication go through 'my.fav.or.it' which which will now make it very easy to implement. The question of if the main login page should be SSL (the downside is that nothing can be cached on a SSL page, and therefore takes up 4-5x the processing) - or if we just use SSL for the post. I appreciate the timely reminder and will make sure it is sorted this week, Nick Hi Dominic,

Completely correct, for something like twitorfit (and thousands of others) it is a lot of extra work to put SSL behind it.

But fav.or.it *should* have been done ages ago, we have a SSL certificate, but like you I took it that so many sites were *not* using SSL due to the lack of the padlock. And given other priorities we never went back and sorted it, we only just moved to making ‘all’ authentication go through ‘my.fav.or.it’ which which will now make it very easy to implement.

The question of if the main login page should be SSL (the downside is that nothing can be cached on a SSL page, and therefore takes up 4-5x the processing) – or if we just use SSL for the post.

I appreciate the timely reminder and will make sure it is sorted this week,

Nick

]]>