S-Drive security - Post ID 272092

User 103173 Photo


VP of Software Development
0 posts

Viv @ Jewelcraft wrote:
Scott interesting one this, if CC put an ssl certificate on the s drive, could we all have https

After all I personally will not fill in a form on a site with more than my name, and email address unless it has got the https;

Many years ago a TV watchdog program even made an issue of telling internet users, not to enter name + address + email address unless its was https:

Is this whatKimberly is referring to ?

Yes, we do have plans to offer https on S-Drive. Interesting though about what you said about forms. You know that most forms deliver content over unsecured email, so even if the information was collected over SSL, it is still delivered as plain text. ;)
Learn the essentials with these quick tips for Responsive Site Designer, Responsive Email Designer, Foundation Framer, and the new Bootstrap Builder. You'll be making awesome, code-free responsive websites and newsletters like a boss.
User 539803 Photo


Registered User
2,156 posts

Scott like everyone else I now understand that the ssl scaremongers are :lol: but as they are out there, and especially new internet users listening to what they say, have now made me remove requesting anything from a contact form other than a first name and email address.

Bit like no point moaning i have no customers when i have put scammer across my homepage

Still amazes me fore instance that i regularly get orders from my SCCP shop for £500.00 + when I swore blind at the outset when a friend of mine suggested i set up an internet shop, that know one in their right might would buy gold jewellery off a total stranger over cyberspace.

So the last thing i want to do is put them off

SSL asap please

Started using CC VSD in January 2009, I don't do HTML code, Sales from CC site exceeding expectations taken me out of semi-retirement
Hosted FREE on CC S DRIVE www.chauffeurdrivenluxurycars.co.uk
My new VSD & SCCP site Oct 2011 www.deloreanjewellery.co.uk
My friendly window cleaner www.mwcwindowcleaner.co.uk

User 364143 Photo


Guest
5,410 posts

Scott is right. The connection to your PC and the server might be secure, but the server sends the email out as plain text, which travels through many hops on it's way to the destination server. It really is pointless.
CoffeeCup... Yeah, they are the best!
User 2325043 Photo


Registered User
29 posts

This topic just became important to me.

I have a SSL purchased from and for a GoDaddy hosted account. I just CNamed (lack of better term) my hosting over to my S-Drive. Now when I type https://www.domain_name.com I get the red-screen (Chrome) and a nasty note about some warez hacker community called CoffeeCup ; )

What's the work around for this one ?

I have some merchant account stuff in the works (and existing) that will probably require the SSL certificate.

Thanks.


User 103173 Photo


VP of Software Development
0 posts

Josh Thalheimer wrote:
This topic just became important to me.

I have a SSL purchased from and for a GoDaddy hosted account. I just CNamed (lack of better term) my hosting over to my S-Drive. Now when I type https://www.domain_name.com I get the red-screen (Chrome) and a nasty note about some warez hacker community called CoffeeCup ; )

What's the work around for this one ?

I have some merchant account stuff in the works (and existing) that will probably require the SSL certificate.

Thanks.



Please open a support ticket and provide us with the actual domain and we can look into this for you.
Learn the essentials with these quick tips for Responsive Site Designer, Responsive Email Designer, Foundation Framer, and the new Bootstrap Builder. You'll be making awesome, code-free responsive websites and newsletters like a boss.
User 2421501 Photo


Registered User
3 posts

Hi, sorry if there is another thread on this one but I couldn't easily find it.

So, what was the answer on hosting your form with an SSL? IE: https:owndomain.com?

Not withstanding the merits (or not) of having one, perception might mean some people won't use our hosted form if they perceive it to be unsecured

Any help gratefully received.
User 103173 Photo


VP of Software Development
0 posts

russell.smith wrote:
Hi, sorry if there is another thread on this one but I couldn't easily find it.

So, what was the answer on hosting your form with an SSL? IE: https:owndomain.com?

Not withstanding the merits (or not) of having one, perception might mean some people won't use our hosted form if they perceive it to be unsecured

Any help gratefully received.

We do not provide SSL services on S-Drive at this time. It really doesn't make much sense to access a form over HTTPS because the email will still be delivered over standard email protocols which are unsecured.
Learn the essentials with these quick tips for Responsive Site Designer, Responsive Email Designer, Foundation Framer, and the new Bootstrap Builder. You'll be making awesome, code-free responsive websites and newsletters like a boss.
User 2421501 Photo


Registered User
3 posts

Hi Scott. Fair point. However, as some of the above posts state, a lot of https is about arm-waving and perception (for the end user) rather than real life security threats.

Also, I think we're able to turn off the email notification aren't we? Meaning that we can go and get the form contents from the HTTPS secure admin login area (CSV download). Frankly this is where I would get the data from and I'm not so interested in having it emailed to me.

So, I guess I'm surprised there's no way to make the form secure, using some sort of coffeecup wildcard SSL certificate maybe.

User 1350974 Photo


Registered User
1 post

I too am interested in making the form builder contact form as secure as possible using the S-drive. I currently am using this on a new site for a client and am pleased with the form and the fact that updates/upgrades are available. In fact, I just purchased the captcha v2 upgrade which the client likes.

I understand the form can be placed on my server but I lose the CC support.

Is the best way to embed the form on the new site and have a SSL certificate on the site?
User 187934 Photo


Senior Advisor
20,239 posts

Hi Ken,
You don't lose support for the form builder just because you placed it on your own server. CC supports all of it's apps fully when they are used in accordance to their requirements.
I can't hear what I'm looking at.
It's easy to overlook something you're not looking for.

This is a site I built for my work.(RSD)
http://esmansgreenhouse.com
This is a site I built for use in my job.(HTML Editor)
https://pestlogbook.com
This is my personal site used for testing and as an easy way to share photos.(RLM imported to RSD)
https://ericrohloff.com

Have something to add? We’d love to hear it!
You must have an account to participate. Please Sign In Here, then join the conversation.