Home  |  Forums  |  914 Info  |  Blogs
 
914World.com - The fastest growing online 914 community!
 
Porsche, and the Porsche crest are registered trademarks of Dr. Ing. h.c. F. Porsche AG. This site is not affiliated with Porsche in any way.
Its only purpose is to provide an online forum for car enthusiasts. All other trademarks are property of their respective owners.
 

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> AutoAtlanta, just a suggestion
stateofidleness
post Jun 11 2008, 11:10 PM
Post #1


Senior Member
***

Group: Members
Posts: 810
Joined: 1-September 07
From: Canyon Lake, Texas!
Member No.: 8,065
Region Association: None



Just made my first order with AutoAtlanta and noticed that, once you go to checkout, for new customers where you fill out your Shipping and Billing as well as credit card info, the page is not a secure page??

So.. I would advise that if you are making a purchase with them, add an "s" after the "http" in the address bar before filling out the form.

computer security major... kinda bugs me when i see stuff like that... so just a heads up

maybe the AA webmaster can fix this (IMG:style_emoticons/default/wink.gif) would take all of 2 seconds

anyways, can't wait to get the stuff!!
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
biosurfer1
post Jun 11 2008, 11:18 PM
Post #2


Teener fo Life!
****

Group: Members
Posts: 3,020
Joined: 3-August 03
From: Roseville, CA
Member No.: 977
Region Association: Northern California



wow, that suprises me. When we got our SSL it automatically updated links to https... I would never fill out anything without that little lock in the bottom right!
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Jason.H
post Jun 12 2008, 08:52 AM
Post #3


Newbie
*

Group: Members
Posts: 16
Joined: 22-November 05
From: Marietta, Ga
Member No.: 5,168



Hi Guys!

Manually creating a secure connection for that page is not necessary. All of your information is submitted through SSL to a separate handler, not that page. Once you fill in the form and hit submit, it's sent through a secure connection.

To ease worries though I made that page secure also. Sorry to get you guys worried!


Best regards,
Jason Humphrey
Auto Atlanta
770.427.2844 ext. 12
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
plymouth37
post Jun 12 2008, 08:57 AM
Post #4


Senior Member
***

Group: Members
Posts: 1,825
Joined: 24-May 05
From: Snoqualmie, WA
Member No.: 4,138
Region Association: Pacific Northwest



Well that was quick! Thanks Jason!
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
stateofidleness
post Jun 12 2008, 10:33 AM
Post #5


Senior Member
***

Group: Members
Posts: 810
Joined: 1-September 07
From: Canyon Lake, Texas!
Member No.: 8,065
Region Association: None



Wow jason, thanks for the fix.
I think by not being an SSL page when entering the information leaves it susceptible to being spoofed more easily? Because, someone won't know they're "secure" until they hit submit might deter some people. It would be harder to spoof an ALREADY SSL encrypted page than it would be to spoof the current page.

Just throwin that out there, but awesome turn-around.

OT: hey jason, do ya'll have company stickers or logos? I like to show support for who is aiding me in this addiction lol
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
ericread
post Jun 12 2008, 12:15 PM
Post #6


The Viper Blue 914
****

Group: Members
Posts: 2,177
Joined: 7-December 07
From: Irvine, CA (The OC)
Member No.: 8,432
Region Association: Southern California



(IMG:style_emoticons/default/agree.gif)

I think the original post was excellent in bringing a potential security issue to light to all of us. The response form AA (Jason) was great.

Thanks to all! (IMG:style_emoticons/default/smilie_pokal.gif)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Jason.H
post Jun 12 2008, 01:57 PM
Post #7


Newbie
*

Group: Members
Posts: 16
Joined: 22-November 05
From: Marietta, Ga
Member No.: 5,168



QUOTE(stateofidleness @ Jun 12 2008, 08:33 AM) *

Wow jason, thanks for the fix.
I think by not being an SSL page when entering the information leaves it susceptible to being spoofed more easily? Because, someone won't know they're "secure" until they hit submit might deter some people. It would be harder to spoof an ALREADY SSL encrypted page than it would be to spoof the current page.

Just throwin that out there, but awesome turn-around.

OT: hey jason, do ya'll have company stickers or logos? I like to show support for who is aiding me in this addiction lol



No problem. Any time you come across something that seems odd, or you have a question, you can let me know directly: jason<!at!>autoatlanta.com

Generally SSL is more for sniffers than spoofing. Spoofing would be if someone got you to go to a malicious website designed to look like ours with the intent of collecting your information. Anyone with a few bucks can have an SSL set up so having https won't make much difference. Heck, when was the last time you inspected the security certificate issued by the server?

Sniffers are designed to pull packets from the network for inspection. The packets carry the information you filled into the form. A secure connection encrypts the transmission so that anyone listening in can't tell what's being said, at least that's the idea.

Again, the transmission has always been encrypted, I just made it a bit more obvious.

I'm not sure if we have much in the way of stickers. I'll see if I can dig something up, otherwise I'll put it in the suggestions box.

User is offlineProfile CardPM
Go to the top of the page
+Quote Post
SirAndy
post Jun 12 2008, 02:00 PM
Post #8


Resident German
*************************

Group: Admin
Posts: 42,257
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(Jason.H @ Jun 12 2008, 11:57 AM) *

Heck, when was the last time you inspected the security certificate issued by the server?

this morning ... (IMG:style_emoticons/default/biggrin.gif)


but then again, i work in that industry. the every day user probably does not even know how to check the validity of a SSL certificate ...
(IMG:style_emoticons/default/type.gif) Andy
User is offlineProfile CardPM
Go to the top of the page
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 9th July 2025 - 12:30 PM