488 posts
  • Has been part of the Envato Community for over 6 years
  • Has referred 100+ members
  • Has sold $40,000+ on Envato Market
  • Has been a beta tester for an Envato feature
+6 more
omarabid says

Sorry, but I have to bump these old threads!

We need SSL across all marketplaces!

Tuts+ Premium Account Security Compromised

+1. Especially that some sellers makes thousands of $$ a month.

32 posts
  • Has been part of the Envato Community for over 3 years
  • Has referred 50+ members
  • Has sold $10,000+ on Envato Market
  • Has collected 1+ items on Envato Market
+2 more
robocreatif says

SSL won’t protect against a compromised server…

To be honest, I don’t see any need for it except perhaps on the log in page. Unless you log in once every other month, it’s pretty unlikely your account will be drained. There’s a hefty length of time between a request for withdrawal being made and the actual transfer of funds. Even if someone were to gain access to your account, change your email address and make a withdrawal on the last minute of the last day of the month, I’m sure you could still get the withdrawal canceled by contacting support (that is, if it’s acknowledged within two weeks). Even in that case, perhaps it would be better to not allow a change of email address unless it’s confirmed by clicking a validation link in the original email account.

973 posts
  • Has referred 10+ members
  • Has sold $5,000+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 100+ items on Envato Market
+5 more
aaranmcguire says

Agreed! I know this was a 3rd part thing but who the hell still stores passwords in plain text should be shot. Whats worse is they knew about it before this happened, come one, they have the money to do security but they dont do it.

I have a public project coming up soon (a subscription based webapp) but Im forcing https:// on all pages and Im planning to be come PCI compliant, even though I will not be storing any banking info. Security is a major thing and I would love to say even if we do get hacked passwords will be fine due to the encryption, because alot of people still use 1 or 2 passwords for the same thing, I know I do for mid security things like tuts+

oh, @envato I found this for you, http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/ such a good site dont you think? :sarcasm:

PS, I get a bit bitchy when people user plain text password, its just the inner developer inside me

1043 posts
  • Has sold $125,000+ on Envato Market
  • Elite Author: Sold more than $75,000 on Envato Market
  • Made it to the Authors' Hall of Fame
  • Had an item featured on Envato Market
+9 more
Pixelworkshop says

I’ve been using a VPN for quite a long time (HMA) and I have the feeling that it adds a layer of security when browsing but well, I’m more a noob when it comes to technical stuff.

488 posts
  • Has been part of the Envato Community for over 6 years
  • Has referred 100+ members
  • Has sold $40,000+ on Envato Market
  • Has been a beta tester for an Envato feature
+6 more
omarabid says

SSL won’t protect against a compromised server… To be honest, I don’t see any need for it except perhaps on the log in page. Unless you log in once every other month, it’s pretty unlikely your account will be drained. There’s a hefty length of time between a request for withdrawal being made and the actual transfer of funds. Even if someone were to gain access to your account, change your email address and make a withdrawal on the last minute of the last day of the month, I’m sure you could still get the withdrawal canceled by contacting support (that is, if it’s acknowledged within two weeks). Even in that case, perhaps it would be better to not allow a change of email address unless it’s confirmed by clicking a validation link in the original email account.

You are underestimating the dangers. He can delete your files, buy products with your accounts and also ruin your reputation.

32 posts
  • Has been part of the Envato Community for over 3 years
  • Has referred 50+ members
  • Has sold $10,000+ on Envato Market
  • Has collected 1+ items on Envato Market
+2 more
robocreatif says

You are underestimating the dangers. He can delete your files, buy products with your accounts and also ruin your reputation.

True, but my point still stands: you can add as much browser security as you want, but it’s not going to protect against a server breach.

5 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 1+ items on Envato Market
+5 more
nr913 says

SSL does not protect only login data, but also cookies, wich are sent every request. All the marketplaces should be protected, not just login section.

633 posts
  • Has been part of the Envato Community for over 4 years
  • Has sold $100+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
Thecodingdude says

After what has happened, I would expect to have SSL security (for a marketplace that deals with money and people’s lives here) within a week or two.

127 posts quanticalabs.com
  • Power Elite Author: Sold more than $1M on Envato Market
  • Has sold $1M+ on Envato Market and is now a Power Elite Author
  • Has referred 1000+ members
  • Has collected 50+ items on Envato Market
+7 more
QuanticaLabs says

You are underestimating the dangers. He can delete your files, buy products with your accounts and also ruin your reputation.

It’s even worse. He can change your e-mail address and you are left with nothing.

Anyway what about support.envato.com and plain text passwords? I can not login there anymore!

Helpful Information

  • Please read our community guidelines. Self promotion and discussion of piracy is not allowed.
  • Open a support ticket if you would like specific help with your account, deposits or purchases.
  • Item Support by authors is optional and may vary. Please see the Support tab on each item page.

Most of all, enjoy your time here. Thank you for being a valued Envato community member.

Post Reply

Format your entry with some basic HTML. Read the Full Details, or here is a refresher:

<strong></strong> to make things bold
<em></em> to emphasize
<ul><li> or <ol><li> to make lists
<h3> or <h4> to make headings
<pre></pre> for code blocks
<code></code> for a few words of code
<a></a> for links
<img> to paste in an image (it'll need to be hosted somewhere else though)
<blockquote></blockquote> to quote somebody

:grin: :shocked: :cry: Complete List of Smiley Codes

by
by
by
by
by
by