GoPrism Security

Forum rules

Just a few rules for this forum:

  • Keep discussions relevant and productive - try not to be overly-critical (no trolling).
  • Posts don't have to be about Indigo, but please don't use this forum as a platform to actively promote other competing products.
  • The forum is open to everyone whether they're an installer or not for the simple reason that users often may have useful suggestions to the installer community. We can change this later if it becomes an impediment to it's primary function.

We want to encourage/grow the installer market so let us know if there's anything else we can do to facilitate your business.

Posted on
Tue Sep 24, 2013 10:20 am
Dewster35 offline
Posts: 1029
Joined: Jul 06, 2010
Location: Petoskey, MI

GoPrism Security

I realize that GoPrism can use up to 256 Bit encryption, but can someone explain how secure this in layman's terms as best as possible? Same software banks use? Government? Etc. something to set a client's mind at ease.

Posted on
Tue Sep 24, 2013 1:02 pm
RogueProeliator offline
User avatar
Posts: 2449
Joined: Nov 13, 2012
Location: Baton Rouge, LA

Re: GoPrism Security

I think that you are on track with attempting to put security in layman's terms — because in general the size an encryption key is more marketing speak than anything; to the average user it is simply a number such that bigger-is-better in their mind whereas to a more knowledgable IT person it actually means very little without knowing what algorithm is being employed to do the encryption.

But to stay in layman's & marketing terms for your clients, the SSL/TLS certificates issued today by the major CA's usually support keys up to 256-bit in length; meaning that the connection is using the same security as most other e-commerce and banking sites.

Obviously it is a LOT more complicated than this and I can go into more detail if interested, but in general you should be safe saying that they are getting the same level of security as their bank provides.

Adam

Posted on
Tue Sep 24, 2013 2:04 pm
Dewster35 offline
Posts: 1029
Joined: Jul 06, 2010
Location: Petoskey, MI

Re: GoPrism Security

Adam - This is what I was looking for. At some point I'd like to get more versed in all of the technical details so I can speak intelligently about it when asked, but I think something as simple as "This is the same method as online banks use" should suffice. Jay and Matt... feel free to chime in if that sounds like some sort of slippery slope statement.

Posted on
Tue Sep 24, 2013 2:27 pm
RogueProeliator offline
User avatar
Posts: 2449
Joined: Nov 13, 2012
Location: Baton Rouge, LA

Re: GoPrism Security

One thing to be careful... talking here only about the available protection of the stream of data between the client and the server - there are a LOT more factors that go into the security of a site than just this one little piece. So this is not saying that overall it is just as safe as using a bank or Amazon.

Therefore, you probably don't want to make overly broad statements such as "this is as safe as using your bank's site" which would not necessarily be the case and might get you into trouble. However, saying that the "data going over the internet is encrypted in the same manner that is used when you use your bank or Amazon" would be pretty safe.

Posted on
Tue Sep 24, 2013 2:32 pm
RogueProeliator offline
User avatar
Posts: 2449
Joined: Nov 13, 2012
Location: Baton Rouge, LA

Re: GoPrism Security

One other thought, you might be able to avoid any concrete statement at all by simply showing them an example of the service... All modern browsers identify when the site that you are on is secured by SSL/TLS -- and a surprising number of people have been groomed to look for that on, especially, e-commerce sites. You might be able to point that out and simply state that it is a secured connection similar to using a bank or Amazon.

Posted on
Wed Sep 25, 2013 8:28 am
matt (support) offline
Site Admin
User avatar
Posts: 20700
Joined: Jan 27, 2003
Location: Texas

Re: GoPrism Security

RogueProeliator wrote:
You might be able to point that out and simply state that it is a secured connection similar to using a bank or Amazon.


That is what I would recommend as well. The most important thing is to remember to set a good/strong password.

Image

Posted on
Wed Sep 25, 2013 9:11 am
Dewster35 offline
Posts: 1029
Joined: Jul 06, 2010
Location: Petoskey, MI

Re: GoPrism Security

matt (support) wrote:
That is what I would recommend as well. The most important thing is to remember to set a good/strong password.


Yep... I went with something pretty bland. So, does go prism encrypt the data or does indigo? Can I make the same statement if I use a direct connection and forgo the reflector?

Posted on
Wed Sep 25, 2013 9:44 am
matt (support) offline
Site Admin
User avatar
Posts: 20700
Joined: Jan 27, 2003
Location: Texas

Re: GoPrism Security

The reflector encrypts the traffic from the Mac to the hosted GoPrism.com server, then it is the browser's (and/or Indigo Touch's) HTTPS connection that encrypts the data to the hosted server (net result is all traffic is encrypted).

If you directly connect, then the traffic is not encrypted. We have a feature request list to add native HTTPS support to Indigo. Note that the authentication process does NOT send the password in the clear though. So although someone could potentially snoop in on the traffic of a direct connection they wouldn't be able to sniff/capture the password.

Image

Page 1 of 1

Who is online

Users browsing this forum: No registered users and 1 guest