Menu bar

Our mission: To provide various activities that promote and enrich the welfare of children in home, school and community while developing relationships between educators and parents to provide a united effort in the general support and education of our children.

Meeting dates, Donate and Join bar

HOT TOPICS
Walk-for-FUNds is October 11th, 2019
Join the 2019-2020 PTA
Translate this page:

Site Security

The Boght Hills PTA's top digital priority is to ensure the online safety of our community and ensure our privacy.  As part of our commitment to your security and privacy, this page is intended to explain some of the security features that we have chosen to implement.

As an experienced web user, you will notice that:
1) The primary web-site (http://www.BoghtHillsPTA.org) is using HTTP and not HTTPS.
2) Services with personal information, such as the PTA Directory, are all hosted separately at https://secure.BoghtHillsPTA.org/......

For the secure server, we are using digital certificates from the Let's Encrypt Project.  Our digital certificate is regenerated every 75 days to ensure that they have not been compromised.

You might be wondering why we have chosen to use HTTP in some areas of our web-ste

Executive summary:
We have chosen to use the managed platform provided by Blogger to power this web-site.  This means that Blogger provides all security updates, patches, module installations and security scans.  Blogger has chosen not to support encryption on custom domains.

We have chosen for the more distinctive look of using the BoghtHillsPTA.org domain and a fully managed platform at the expense of encryption.

What does this mean to you:
Really not very much.  This site is safe for the following reasons:
  1. There is no confidential data posted here - or anything specific to a single user or group of users
  2. There is no way to log into the site
  3. There is no business transacted by this site - and absolutely no financial data
  4. User contributed content (comments, links, etc....) are all disabled
If you happen to find a bug or security hole that allows you anything other than reader access to this site, we would encourage you to submit your findings to the Google Bug Bounty program at https://www.google.com/about/appsecurity/reward-program/  You can get paid by Google for finding glitches in their platform.

I need more technical details:
When you connect to a web-site either via HTTPS or HTTP, the following information might be captured by evil people:
  1. Your IP address via HTTP
  2. DNS traffic from your computer and what domain names you attempt to resolve
  3. The date and time
  4. The count of packets and approximate data size

Additional information might be captured since this site is using HTTP, it is possible that evil people could see the following information:
  1. The number of times you load specific pages
  2. The order in which you read specific pages

Now remember, every page is public with no specific content.  So basically, there is no significant downside to using HTTP on a read-only web-site.

We feel that having the fully managed and patched blogging platform that provides Google search engine integration is more important that enabling HTTPS.