While most contents of this website are open to the public, the Community (including Contact Directory) and Forum do require authorization. CS Login has been the primary authentication method since it allows our members to use members-only features without the need of another set of id and password. As CS Login is the most important credentials of the students of the Department of Computer Science, we understand that how CS Login is processed in the website is a common concern of our members.
First of all, we would like to assure all of you that CS Login password is neither stored by the website nor accessible by website administrators formed with the members of the executive committee and its subcommittee. The authentication process is fully automatic—all CS Login id and password are handled by the official “Authentication – LDAP” Joomla! plugin with the LDAP server of the Department. However, although we are able to ensure the internal processes of the website are safe, network transmission is out of our control. There may be criminals intercepting network transmissions to capture user credentials.
To improve security of network transmission, we consulted with CS Technical Support and they have kindly permitted our website to be accessible via HTTPS, which provides an encrypted channel for users to transmit sensitive information like user credentials to a server over the network. The URL of the HTTPS interface of our website is https://i2.cs.hku.hk/~csa/. Browsers may issue a warning on the certificate, as the certificate of the website is issued by CS Technical Support instead of a trusted certificate authority. The browser warning does not affect the security of the website. The warning can be safely disregard after verifying that the certificate is issued by *.cs.hku.hk.
We do not plan to redirect all traffic to the HTTPS interface at the moment. However, members signing in from an unsecure network, especially an unencrypted wireless network, are strongly encouraged to use the HTTPS interface to reduce the risk of user credentials being captured by criminals. Members are also recommended to bookmark https://i2.cs.hku.hk/~csa/ instead of http://i.cs.hku.hk/~csa/.
Finally, we would like to greatly thank CS Technical Support for their continuous support to the Association. They helped a lot!