I suggest you ...

Wallet/SSL

I love the idea of the wallet section but I am curious about the security of doing so. The website does not use SSL/https by default (suggestion to do so), photo's are uploaded unencrypted unless https is specified. Once uploaded, are they stored encrypted in a database or file system? Does admins/developers have access (physical or remote) to see what is uploaded? Is access to these images audited and review? Do you use any 3rd party scanning/pen testing to find holes that could show users information? Thanks!

3 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Eric Duncan shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • AdminDiveboard team (Admin, Diveboard) commented  ·   ·  Flag as inappropriate

        Hi Eric,

        If you wouldn't upload your pictures as private on Flickr, or any other online photo sharing site, don't upload them on Diveboard.
        There is no such thing as picture encryption nowhere on the Internet (or your browser wouldn't be able to display it). What we can guarantee is that the location of the assets is obfuscated enough not to be guessable - same mechanics as on Flickr - and nobody else but you can retrieve this location.

      Feedback and Knowledge Base