1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

!not secure

Discussion in 'Technology Advice' started by Jim, Sep 3, 2018.

  1. Jim
    Offline

    Jim Well-Known Member Trusted Member

    why does this give me a warning:! Not secure? On Google Chrome.
  2. bigmac
    Offline

    bigmac Well-Known Member Trusted Member

    same with mine
  3. paul233
    Offline

    paul233 New Member

    Same here, but don't worry. If you click on "not secure" (which I've also seen on other websites), it tells you that you shouldn't enter sensitive information, like credit card numbers (who's going to do that?) or passwords (presumably passwords you use for other sites).
  4. Anon04576
    Offline

    Anon04576 Well-Known Member

    The site doesn’t have an SSL certificate hence the warning. Google wants ALL websites to adopt a secure link between website and user. It is good practice to have a completely secure website. Furthermore, Google penalises sites that don't have a secure site by reducing the sites ranking.

    Within my work I adopted an all-secure website even before the likes on fb and Google were doing the practice. Websites at that time would only secure parts of their websites, such as parts of the website were financial transactions were taking place. Google then suggested and acted upon having all-secure sites. This is ultimately why you now see this ‘informational’ notice.

    No real sensitive information is passed here like CC transactions. Logging on the forum on none secure wifi access points needs to be considered but the risk is small. To accomodate for that potential one can enable 2fa as described here

    http://british-filipino.com/index.php?threads/forum-security-two-step-verification.13007/
  5. Bootsonground
    Online

    Bootsonground Guest

    Being a participant on the internet is insecure in nature.. Bahal ka!!!!
  6. oss
    Offline

    oss Somewhere Staff Member

    We run on HTTP and Google wants and mandates that everyone must run on HTTPS they decided a little while ago that they would mark any site being served using the HTTP protocol not secure in the address bar.

    This is over the top, the only difference between http and https is that the https connection is encrypted end to end, that means from your browser to the web server that hosts any specific website like this one.

    The purpose of the encrypted pipe (programmers like me often refer to the connection as a pipe) is to prevent man in the middle attacks, this is where some black hat baddie is sitting in a data centre which is acting as a major routing point for internet traffic, like people working at your ISP or BT in a technical capacity.

    If someone say has access to a high level router that is handling serious traffic they can put a packet sniffer on the line and dump the raw text of the HTML pages to a hard disk whereupon they can analyse the traffic at their leisure picking up passwords and user name combinations, this is why you should not be using the same password here that you use for any other site particularly banks.

    In reality traffic is constantly routed through different physical routers and one page won't necessarily end up at our server via the same route as the next page, so man in the middle is not that easy, but it is a real issue.

    The certificate required to make British Filipino secure could cost quite a lot of money, though if we did it we would likely go for a cheap one from Go-Daddy or the likes, the problem is hosting the SSL certificate (Secure Sockets Layer) and until recently the way the site is hosted on a shared server precluded a dedicated SSL certificate.

    As the majority of the data held on this site is not exactly delicate or sensitive we have not seen the need to apply SSL to the site, amongst other things it will slow it down very slightly.
    • Like Like x 1

Share This Page