omarabid says

Sorry, but I have to bump these old threads!

We need SSL across all marketplaces!

Tuts+ Premium Account Security Compromised

+1. Especially that some sellers make thousands of $$ a month.

robocreatif says

SSL won’t protect against a compromised server…

To be honest, I don’t see any need for it except perhaps on the log in page. Unless you log in once every other month, it’s pretty unlikely your account will be drained. There’s a hefty length of time between a request for withdrawal being made and the actual transfer of funds. Even if someone were to gain access to your account, change your email address and make a withdrawal on the last minute of the last day of the month, I’m sure you could still get the withdrawal canceled by contacting support (that is, if it’s acknowledged within two weeks). Even in that case, perhaps it would be better to not allow a change of email address unless it’s confirmed by clicking a validation link in the original email account.
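
Added example, not part of the original post and not Envato's code: one way to build the validation link suggested above, where an email change only takes effect after a link mailed to the original address is clicked. The key, lifetime and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent out
TOKEN_TTL = 3600                      # assumption: the link is valid for one hour

def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()

def make_email_change_token(user_id, new_email, now=None):
    """Token to embed in the link mailed to the account's ORIGINAL address."""
    issued = int(time.time() if now is None else now)
    # The signed payload binds the account, the requested address and the time.
    payload = json.dumps([user_id, new_email, issued]).encode()
    b64 = base64.urlsafe_b64encode
    return b64(payload).decode() + "." + b64(_sign(payload)).decode()

def confirm_email_change(token, user_id, now=None):
    """Return the new address if the token is valid for user_id, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    # Constant-time comparison; the payload is parsed only after it verifies.
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    token_user, new_email, issued = json.loads(payload)
    if token_user != user_id or now - issued > TOKEN_TTL:
        return None
    return new_email
```

The sketch does not track used tokens; a real deployment would also record each token so a link works only once.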

aaranmcguire says

Agreed! I know this was a 3rd party thing, but whoever the hell still stores passwords in plain text should be shot. What's worse is they knew about it before this happened. Come on, they have the money to do security but they don't do it.

I have a public project coming up soon (a subscription-based webapp), but I'm forcing https:// on all pages and I'm planning to become PCI compliant, even though I will not be storing any banking info. Security is a major thing and I would love to say even if we do get hacked passwords will be fine due to the encryption, because a lot of people still use 1 or 2 passwords for the same thing; I know I do for mid security things like tuts+.

Oh, @envato I found this for you, http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/ such a good site, don't you think? :sarcasm:

PS, I get a bit bitchy when people use plain text passwords, it's just the inner developer inside me.

Pixelworkshop says

I’ve been using a VPN for quite a long time (HMA) and I have the feeling that it adds a layer of security when browsing, but well, I’m more of a noob when it comes to technical stuff.

omarabid says

SSL won’t protect against a compromised server… To be honest, I don’t see any need for it except perhaps on the log in page. Unless you log in once every other month, it’s pretty unlikely your account will be drained. There’s a hefty length of time between a request for withdrawal being made and the actual transfer of funds. Even if someone were to gain access to your account, change your email address and make a withdrawal on the last minute of the last day of the month, I’m sure you could still get the withdrawal canceled by contacting support (that is, if it’s acknowledged within two weeks). Even in that case, perhaps it would be better to not allow a change of email address unless it’s confirmed by clicking a validation link in the original email account.

You are underestimating the dangers. He can delete your files, buy products with your accounts and also ruin your reputation.

robocreatif says

You are underestimating the dangers. He can delete your files, buy products with your accounts and also ruin your reputation.

True, but my point still stands: you can add as much browser security as you want, but it’s not going to protect against a server breach.

nr913 says

SSL does not protect only login data, but also cookies, which are sent with every request. All the marketplaces should be protected, not just the login section.
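
Added example, not part of the original post: a small check of the point made above, that cookies set at login travel with every later request. It parses constructed Set-Cookie headers (the cookie names and values are made up) and lists which cookies a browser would attach to a plain http:// request after an HTTPS-only login.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers, as a login response served over HTTPS might send.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",           # session cookie, no Secure flag
    "remember_me=xyz789; Path=/; Secure; HttpOnly",  # restricted to HTTPS
    "theme=dark; Path=/",                            # harmless preference cookie
]

SENSITIVE = ("session_id", "remember_me")  # assumption: cookies that authenticate the user

def cookies_sent(set_cookie_headers, scheme):
    """Names of the cookies a browser attaches to a request made with `scheme`."""
    sent = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # A cookie marked Secure is only ever sent over HTTPS.
            if morsel["secure"] and scheme != "https":
                continue
            sent.append(name)
    return sent

def exposed_session_cookies(set_cookie_headers, sensitive=SENSITIVE):
    """Sensitive cookies that would cross the network unencrypted on http:// pages."""
    return [n for n in cookies_sent(set_cookie_headers, "http") if n in sensitive]

if __name__ == "__main__":
    print("sent over https:", cookies_sent(SAMPLE_HEADERS, "https"))
    print("sent over http: ", cookies_sent(SAMPLE_HEADERS, "http"))
    print("exposed:        ", exposed_session_cookies(SAMPLE_HEADERS))
```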

Thecodingdude says

After what has happened, I would expect to have SSL security (for a marketplace that deals with money and people’s lives here) within a week or two.

QuanticaLabs says

You are underestimating the dangers. He can delete your files, buy products with your accounts and also ruin your reputation.

It’s even worse. He can change your e-mail address and you are left with nothing.

Anyway, what about support.envato.com and plain text passwords? I cannot log in there anymore!
