Hi,

while discogs.com can be accessed using https, this is barely possible for gearogs. Could you please fix this?

Thanks,
Robert

Hi Robert - thanks for your message. We'll look into this and see if we can enable it easily.

Can I ask what the reason is for you wanting to access via https? Thanks!

Because I don't want anybody on the line to know which devices I look at or add to my collection. Because I don't want anybody on the line to manipulate the scripts from your site before they are being executed on my machine. Because I don't want anybody on the line to alter forum posts I wrote on their way to your site. The list is endless.

Why would anybody not want to access the site via https?

Hi - thanks, of course HTTPS offers more security, I was just wondering if you were seeing any other issues. We don't have HTTPS on our roadmap right now, but I'll keep this in mind for future updates.

Well, the other advantage of https is authentication. Only with this I can be sure that I'm really seeing your site and not a mock-up done by some man in the middle.

Hi - thanks again for the feedback. We'll for sure take this into consideration for future development!

I'd really appreciate HTTPS as well.

We've got it now!

Hey, that's great news! Thank you very much and a nice weekend to you!

Just to say. While HTTPS does offer a layer of security (encrypting traffic to and from client and server) this won't stop the likes of cross site scripting (XSS) or SQL injection to name a few. The website source code will need to be reviewed and modified to stop that form happening.

If people are concerned about this then there is plenty of info online etc :)
maybe the website developers might want to do a pen test on the website.

Login or Register to post a reply to this topic.