ClassCreator.com | Blockbuster sites, amazing reunions

Share Tips

New Topic Subscription Options  

HTTP vs HTTPS

Forums: General Discussion
Created on: 01/12/14 01:54 PM Views: 950 Replies: 5
Sunday, January 12, 2014 at 1:54 PM

Just curious....why is the forum site and our site under just a regular http and not a https? Wouldn't the regular http create more of a chance for the sites/accounts being accessed/hacked especially since we (as administrators paying for the service) are the ones using our credit cards and other information?

Reply
Sunday, January 12, 2014 at 1:58 PM - Response #1

When you log into your web site, although you can access the site from your regular domain name, all login information is passed securely. So it is actually https. Also note that everything involving financial transactions inside the site is also secured (https). Look for the little padlock symbol on your browser and you'll see it is locked.


Reply
Sunday, January 12, 2014 at 2:35 PM - Response #2

Maybe this is a simpler explanation:

The login is done via https://www.classcreator.com/yoursitename...

IOW, it IS https because that's the mechanism usedExclamation

Reply
Sunday, January 12, 2014 at 2:50 PM - Response #3

I noticed it does do the https when you're on the subscription page as Brad said along with the padlock but if you try and type in https://www.sitename.com then it gives you:

Shield icon
There is a problem with this website’s security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Recommended iconClick here to close this webpage.

Not recommended iconContinue to this website (not recommended).


More information

And if you decide to continue it still comes up with just the http as it is with the forums.

I was just curious about it since so many sites are going to the https format to show more of a secure connection. I never really knew much about it until we had to do a cyber security training here at work and they talked about that.

Reply
Sunday, January 12, 2014 at 3:05 PM - Response #4

SSL certificates are per site name. IOW, only classcreator.com is authorized, not "sitename"

So what CC has done is a compromise. Your "named" site itself is not secure in the https sense. Only critical information such as username/PW and financial data that is routed through the classcreator path.

Here's one place you can buy a certificate LINK and some background.

Jamie Reed wrote:

The security certificate presented by this website was issued for a different website's address.

Reply
Edited 01/12/14 3:06 PM
Sunday, January 12, 2014 at 4:11 PM - Response #5

Jack is correct. We secure what needs to be secured. If you put https before your site name things like an image aren't secured. That's what causes the warning. Even behind https though securing images wouldn't do any good. Everyone would still see them, everyone could still right click and save them, etc. Note that in the Reunion Planner where payments are made you actually go to a ClassCreator URL. Jack is correct again -- SSL certificates are per site name. That's the reason you're seeing our address there rather than your own. So it really is 100% secured behind https. If everyone wanted to see their own URL there they'd have to buy their own unique SSL certificate, which is costly. I doubt most if any would. Plus there really isn't a need anyway, as in effect we're extending ours to you to complete the financial transaction.


Reply
New Topic  
Subscription Options: Have all new forum posts sent directly to your email.
Subscription options are available after you log in.