Member Website Security?????

LoveToDisney

LoveToDisney

Always needing another Disney trip!
Joined
Jan 22, 2004
Messages
1,867
There's a thread that is talking about all the things you can look up on the dvc member website--checking points, looking at contract info and dates of reservtions. I mentioned security issues on that thread but think it got buried so here it is...

Does it bother anyone that NONE of this info is on an "https" secure server and all our sensitive information such as contract number, dates of reservations, etc. are accessible to anyone on the internet as we receive those pages to view since it is not coming over a secure server???? If anyone was monitoring the site, they could glean a TON of information because it is all coming via text rather than over a secure site. I don't understand why DVC has allowed this?
 
LoveToDisney said:
There's a thread that is talking about all the things you can look up on the dvc member website--checking points, looking at contract info and dates of reservtions. I mentioned security issues on that thread but think it got buried so here it is...

Does it bother anyone that NONE of this info is on an "https" secure server and all our sensitive information such as contract number, dates of reservations, etc. are accessible to anyone on the internet as we receive those pages to view since it is not coming over a secure server???? If anyone was monitoring the site, they could glean a TON of information because it is all coming via text rather than over a secure site. I don't understand why DVC has allowed this?
Click to expand...

OK, color me stupid. How do I look up my points on the DVC website? When I log on to it I can't find an option to see anything specific to myself.
 
Galahad said:
OK, color me stupid. How do I look up my points on the DVC website? When I log on to it I can't find an option to see anything specific to myself.
Click to expand...
Click on "My DVC" and you will then see options to click on, such as contract info, points, reservations, etc...can't remember the actual names. As you click on each one and the info is brought up, that info is coming over a http server without any safeguard toward that text so anyone in the world can see it if they are monitoring that site. They should instead have the information on a secure server (https) to everything sensitive is encrypted.
 

LoveToDisney said:
Click on "My DVC" and you will then see options to click on, such as contract info, points, reservations, etc...can't remember the actual names. As you click on each one and the info is brought up, that info is coming over a http server without any safeguard toward that text so anyone in the world can see it if they are monitoring that site. They should instead have the information on a secure server (https) to everything sensitive is encrypted.
Click to expand...

Ah thanks. Perhaps it's lack of inutitiveness is security enough ;). Reservations are still just a "request" right? You can't actually check availability online can you?
 
There really isn't much information would be useful to a hacker without your personal information, none of which is visible on the non secure pages. Once you go into fee payments or personal profile, you are redirected to a secure server.
 
Besides, there is certainly much more info available on the County site listing deed info, contract pricing and mortgage info. Don't even need a password for that...it is public record.
 
Chuck S said:
Besides, there is certainly much more info available on the County site listing deed info, contract pricing and mortgage info. Don't even need a password for that...it is public record.
Click to expand...
But it doesn't list your upcoming vacation dates like the DVC site does along with your contract number.
 
LoveToDisney said:
But it doesn't list your upcoming vacation dates like the DVC site does along with your contract number.
Click to expand...
Actually, the county site does list your contract number, not your membership number. At least the DVC site makes you log on, and you can't access any other member's info.
 
There is nothing one could do if they had your vacation dates and contract/membership number.

They would also need a fair bit of personal information and none of that is transmitted insecurely.
 
Chuck S said:
.....At least the DVC site makes you log on, and you can't access any other member's info.
Click to expand...
And the log on screen is not secure either--it's appears only to be http.
 
You must log in or register to reply here.

New Threads

Aaryana
Current recommendations for old favorites? CRR, Topolino's, Storybook...
Replies
1
Views
101
MICKIMINI
MICKIMINI
bobbiwoz
Carry on bottles of water?
Replies
0
Views
169
bobbiwoz
bobbiwoz
moonshadow
First Time 3 Resort Trip
Replies
0
Views
85
moonshadow
moonshadow
luvdisney14
Stroller Rental
Replies
2
Views
343
scrappinginontario
scrappinginontario
T
Are there set days for certain shows/events on Treasure?
Replies
0
Views
342
ten822
T
P
Unable to merge reservations via email
Replies
3
Views
627
Best Aunt
Best Aunt
E
Snagged my Beak and Barrel Reservation
Replies
3
Views
678
keishashadow
keishashadow
KGmomoftwins
Stroller and scooter parking on wish
Replies
2
Views
699
KGmomoftwins
KGmomoftwins
NEWS & UPDATES
DVC INFORMATION
DVC POINT CHARTS
DVC RESALES
DVC RENTALS
DVC LENDING



New Posts











New Posts

srauseo
***Official April 2026 Thread***
Replies
7
Views
2K
DisneyCayley
D
monorailmom
Beak and Barrel Seating Experiences
2 3
Replies
44
Views
9K
Nabas
Nabas
A
Last minute (kind of) December plan - Help pls !!!
Replies
17
Views
3K
GrandmaLT
G
Nayan
Disney Is the Happiest Place on Earth, if You Can Afford It
2 3
Replies
46
Views
8K
Dakota731
D
C
Late Summer/Early Fall Incentives
35 36 37
Replies
726
Views
77K
muppets3d
M
EasinEpcot
November or December trip - pros and cons?
2
Replies
22
Views
3K
Babsy
Babsy
kimmar067
Pictures of Transportation...
7 8 9
Replies
177
Views
12K
hardcorestitch
hardcorestitch
MKCP1984
**UPDATED: 116 SSR June U.Y. Points for Rent @ $18.50pp
2 3
Replies
54
Views
7K
etrenne
E
SunDial
Where In The World 21. We are now completely legal!!!
3001 3002 3003
Replies
60K
Views
2M
Diane♥Disney
Diane♥Disney
N
What’s for Dinner Tonight?
347 348 349
Replies
7K
Views
395K
hardcorestitch
hardcorestitch
View more…




DIS Facebook DIS youtube DIS Instagram DIS Pinterest DIS Tiktok DIS Twitter DIS Bluesky

Back
Top Bottom