• Register
  • Help
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Topic: Garritan web site security issue?

Share/Bookmark
  1. #1

    Garritan web site security issue?

    Hi, just popping to make any Garritan employees aware of this recent thread on KvR forums:

    http://www.kvraudio.com/forum/viewtopic.php?t=219649?start=1

    The original thread subject is not really the issue, rather the question appearing later about http:// https:// status of Garritan web pages. I'm not internet security-savvy enough to know what's going on, but at least it's confusing enough that you may want to ease people's minds about it, in case it's some trivial misunderstanding.

  2. #2

    Re: Garritan web site security issue?

    I just like to say a few words about the security of online ordering on the Garritan site. The current online order form encrypts all user data via the HTTPS protocol -

    HTTPS (Hyper Text Transfer Protocol Secure) is a secure version of the Hyper Text Transfer Protocol (http). Secure means of transferring data using the https protocol in the World Wide Web where secure ecommerce transactions, such as online banking transactions and other transactions, are involved. In other words, https encrypts the session with a digital certificate i.e., HTTP over SSL (Secure Sockets Layer) which can be used by Web browsers and HTTPS - capable client programs. So, if the website begins with https:// instead of http://, it is a secure site. Almost 99% of the browsers can connect to web servers either using http or https. The address bar in the browser will begin with https instead of http, if a web site is secured. Web browsers like IE, Firefox etc., display a pad ”lock” icon to indicate the website is secure, which also displays https in the address bar. This padlock icon is displayed only when an SSL certificate is installed by their web server. If the padlock icon and the web link begin with HTTPS Protocol work with the combination of programs including the browser programs which takes care of the encryption/decryption routines that exist on the web hosting servers.

    Aside from this I constantly monitor the server and all web traffic and have many safeguards in place to prevent and log any attempts to intercept data as well as all other types of hacking attacks that web servers experience. The upshot of all this means that ordering on Gary's site is probably more secure than using your credit card in a shop and it's a fact that a lot of credit card fraud and identity theft is perpetrated by insiders (I know this having experienced it).

    Please also be assured that no personal or financial information is stored on the server in any form as a further safeguard.

    If you need further reassurance please PM me or email tony@monaghan.tv

  3. #3

    Re: Garritan web site security issue?

    Sorry Tony, but when you click the Online order link, you are not brought to a secure https page but rather to an unsecure http page. And this regardles of whether you use IE7, Opera or Firefox. Clearly something is wrong here.

  4. #4

    Re: Garritan web site security issue?

    Like I said all data is sent encrypted.

  5. #5
    Moderator
    Join Date
    Jun 2000
    Location
    Chandler, Arizona
    Posts
    4,045

    Re: Garritan web site security issue?

    Tony,

    I'm showing that the page is unsecured. No https or padlock on the page. I won't order from a site if I don't see these. So please check it again.

    Jim

  6. #6
    Moderator
    Join Date
    Oct 2000
    Location
    Orcas Island
    Posts
    11,454

    Re: Garritan web site security issue?

    OK I think I see where the problem is. There seem to be two links: https://garritan.com/order.php and http://garritan.com/order.php.

    All links should point to the secure https://garritan.com/order.php link. Please let me know if there is a link that does not have the right link and we'll correct it. In the meantime we'll work at either disabling the old link or directing it to the secure https link.

    Thanks

    Gary

  7. #7

    Re: Garritan web site security issue?

    Gary, these three links lead to the insecure page:


  8. #8
    Moderator
    Join Date
    Oct 2000
    Location
    Orcas Island
    Posts
    11,454

    Re: Garritan web site security issue?

    Nickie,

    Thanks very much. I think those links are fixed now.

    Best

    Gary

    Quote Originally Posted by Nickie Fønshauge View Post
    Gary, these three links lead to the insecure page:

  9. #9

    Re: Garritan web site security issue?

    Yeah, they are OK now. That was quick!

  10. #10

    Re: Garritan web site security issue?

    If all you did is change the links, I'd suggest a more robust solution. The order page itself should check the URL to ensure that it contains https and if not should redirect to itself with https. Otherwise you leave the opening for someone to type the URL into their browser as http and not get a secure page.

Go Back to forum

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •