~~~~~~~~~~~~ IMPORTANT INFORMATION -- Please read! ~~~~~~~~~~~~

1. The "search..." box above searches the Docs & Forum Posts. The "Search" tab above just searches the Forum Posts. :side:
Please use these to search for your issue *before* creating a new message topic, as your issue may have been previously solved.
2. Please put your Club # and Club Web Address in your Forum Signature (best) OR in each post to get faster support from us.
Click here to edit your signature at the bottom of the Profile Information tab.
3. Our user and admin docs are available at: support.toastmastersclubs.org/doc "There's a doc for that!" ;)
4. There is an "Opt In" Feature for newly added members. The Opt In document explains the [strike]strikethrough[/strike] member information. Click Here to View the Post
5. When posting a New Topic , please include all relevant details and be specific. When did your issue 1st occur? What operating system, browser, & browser version are you using? Did you refresh your browser cache? Are your cookies enabled? Lastly, a screen shot is often helpful.
6. Please abide by the Terms of Use . We are volunteers contributing our spare time. We are happy to assist you, so long as you are respectful and courteous.
7. We are always looking for new FreeToastHost Ambassadors to join our team and support fellow Toastmasters in their use of the FreeToastHost website system. If you are familiar with the system and have some interest, send a Send Us a Private Message.

Secure Login Pages

More
9 years 11 months ago #52303 by Kingu
Secure Login Pages was created by Kingu
Good day,

Our administrators recently informed us that the free hosting does not include a secure login.

Looking closely, it appears they are right? I have seen other threads that say this is not possible. Curiously, as a system administrator, why exactly is this not possible? You use the same TLD, and just change subdomains. A wildcard SSL cert would take care of this in about a half hours worth of time.

Is this a possibility, if not, please explain why not.

Thanks :)
Club President
ROK the Talk #04456966
Mequon, WI 53092
The topic has been locked.
More
9 years 11 months ago #52306 by Brian
Replied by Brian on topic Secure Login Pages
The cost of a wildcard cert is about $900.00 if your company would like to donate the funds each year we would be glad to accept the funds. FTH is not part of Toastmasters International. FTH is run by Toastmaster volunteers for Toastmasters Clubs, the server is donated by a fellow Toastmaster.
The topic has been locked.
More
9 years 11 months ago #52307 by PeggyLeeHanson
Replied by PeggyLeeHanson on topic Secure Login Pages
So, on this same topic, as District 35 Webmaster, I've been notified that one of our corporate clubs have been banned from accessing their club website due to being an unsecure site.

Are you suggesting that to be secured through FTH each club would have to come up with $900 to become a secured site?

What other ways can our FTH sites be secured and safe from hackers and phishing schemes?

If this is not possible, FTH will not last long, especially in the corporate environments.

Respectfully,

Peggy Lee Hanson
District 35 Webmaster
Respectfully and gratefully,
Peggy Lee Hanson
TM35 Leadership Club #1517456
The topic has been locked.
More
9 years 11 months ago - 9 years 11 months ago #52309 by SteveTheTechie
Replied by SteveTheTechie on topic Secure Login Pages
Peggy,

FTH employs a number of security strategies. However, it really depends on what types of security are important to you...
  • Passwords are stored in our database with MD5 encryption. No one can access passwords, not even me.
  • Your email address is not required to be used for logins. An identifying number is used instead when you pick your name from the drop-down.
  • Spam Assassin is highly regarded for checking email... we use it. (We went through a lot of effort to fully implement it last year.) It is sophisticated and will catch most suspicious emails.
  • We block email with blind carbon copies, since those are frequently spam/phishing emails.
  • We allow blocking must publically accessible email addresses to block spam/phishing emails.
  • We block emails to distribution lists from those who are not authorized to send to those lists. (we check list membership)
  • We provide a mechanism for clubs to black list email addresses.
However, some additional security strategies require an expenditure of money for a "security certificate" or similar. (https/SSL, DKIM signatures, etc.) As we are not supported by Toastmasters International, we are not a company, and we are an independent effort driven by volunteer Toastmasters labor and open source/free software only, we have no money for purchasing security certificates. (The fact that we have been able to accomplish as much as we have despite that is no small miracle.)

You should not infer that security is unimportant to us. However, the fundamental premise of FreeToastHost is that it is free for clubs and districts to use, so we cannot really absorb any expenses, because we have no funding.

Brian is really the go-to guy on this, and he has been an integral part of the FreeToastHost effort since 2004, and I defer to him and trust his instincts on this completely. I only chimed in here because I do not want people to think we don't care about security... We absolutely do care about security. However, we also have additional constraints that we adhere to.
Last edit: 9 years 11 months ago by SteveTheTechie.
The topic has been locked.
More
9 years 11 months ago #52312 by PeggyLeeHanson
Replied by PeggyLeeHanson on topic Secure Login Pages
Steve,

Thank you for your lengthy explanation. My intention was not to be disrespectful nor infer that security is not important to you or all who volunteer their time, resources, and brilliance to FTH. I sincerely apologize that my comment had that affect.

It is a concern, however, to me, and the clubs in my district, that another choice could be made by those clubs to go another route other FTH. I LOVE FTH and actively promote and support the program. But, I guess that would be their choice to make.

I will forward your explanation onto the district leaders, one of whose company has blocked access to his club; perhaps the explanation may be enough to allow club access to its members.

Please, once again, accept my deepest apology for the unintentional negative inference. But also please, accept my deepest gratitude for all you and your team do to make the job of webmaster easy.

In appreciation and with the utmost respect,
Peggy
Respectfully and gratefully,
Peggy Lee Hanson
TM35 Leadership Club #1517456
The topic has been locked.
More
9 years 11 months ago #52316 by SteveTheTechie
Replied by SteveTheTechie on topic Secure Login Pages
Peggy,

I was not offended. However, in an open forum like this, I want to make sure people viewing this thread do not get the wrong ideas. Keep in mind that this is essentially like us having a conversation in front of a large crowd. ;)
The topic has been locked.
Time to create page: 0.113 seconds

Copyright © 2025 FreeToastHost 3 Support. All Rights Reserved.