Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
I've noticed that when signing on to city-data, the address bar is not showing a secure website: https. Is this the case for everyone on here? Is this a security issue for users?
A third party could potentially obtain your password. There is two potential vectors for exploit.
If you were using the DM system for personal data which you shouldn't be anyway.
If you are using the same password for other sites. For example someone obtains your password and looks up your email address in your profile. They can try getting into your email using that password. Now they are in you email and can look around and see what bank you use....
For the second case the more likely possibility which happens quite a bit is a hacker obtains access to the database and gets everyone passwords and email addresses. This is not something you can prevent or prevented with HTTPS.
This is why it's important to use different passwords on different sites especially sites like this where security is not going to be the same you would expect from banking sites etc.
A third party could potentially obtain your password. There is two potential vectors for exploit.
If you were using the DM system for personal data which you shouldn't be anyway.
If you are using the same password for other sites. For example someone obtains your password and looks up your email address in your profile. They can try getting into your email using that password. Now they are in you email and can look around and see what bank you use....
For the second case the more likely possibility which happens quite a bit is a hacker obtains access to the database and gets everyone passwords and email addresses. This is not something you can prevent or prevented with HTTPS.
This is why it's important to use different passwords on different sites especially sites like this where security is not going to be the same you would expect from banking sites etc.
Thanks for the comment. I use a totally different password for each login (it's a long list!). But I am concerned with a hacker getting into the profile and then the email address (though the email uses a totally different password). However, when I just went to my profile, I could not find my email address listed. Do you know where it is in the profile? (Send DM if you prefer on that last question.) Is anyone else on CD concerned with lack of https when logging in?
My Settings >> Edit details >> Edit Email and Password
Quote:
But I am concerned with a hacker getting into the profile and then the email address (though the email uses a totally different password).
Other than getting spam I'm not sure what your concern would be. It's useless as long as you have different passwords. The only potential is what they can do to your account here and that is largely irrelevant and very unlikely unless it's personal.
My Settings >> Edit details >> Edit Email and Password
Other than getting spam I'm not sure what your concern would be. It's useless as long as you have different passwords. The only potential is what they can do to your account here and that is largely irrelevant and very unlikely unless it's personal.
That makes sense. The key is having different passwords. It's not likely that spam bots can scan that deep into accounts to capture email addresses. I've never had issues with changes to an account here. I appreciate your comments.
ONLY BANKING SITES,etc should have SSL enabled......
Computer/web security is a matter of layers and site owners need to take the initiative to protect their users from their own stupidity, e.g. same passwords. Potential vulnerabilities no matter how big or hoe small should always be addressed.
While HTTPS is not really needed site wide on site like this it should be enabled for logins etc. I don't have it on my own sites but it's coming.
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.