compcamps / website Goto Github PK

View Code? Open in Web Editor NEW

1.0 5.0 2.0 47.03 MB

The official website for MSI CompCamps.

Home Page: https://compcamps.com

HTML 3.37% JavaScript 12.90% CSS 11.53% Vue 47.36% TypeScript 24.83%

website's Introduction

Official CompCamps Website

The official website for MSI CompCamps hosted at: www.compcamps.com

Development

npm i
npm run dev
npm run build
npm run serve

website's People

Contributors

Stargazers

Watchers

Forkers

andrewjmd aholicknight

website's Issues

Payment is asking for USD.

I did everything in the signup but at the end its asking for USD not CAD.

Wrong PHP versions on Trusty

e473633 has caused the PHP setup in Vagrant to be using different versions and the setup is not done correctly. We'll need to use Xenial. The dash branch is still on Xenial, master is on Trusty.

Cant signup

I have everything valid for the registration but when I click next it wont proceed.

CircleCI Check is broken

Everytime a pull request is made to the repo, it would always say the check has failed due to CircleCI being broken.

SSH problem

@synixebrett said in my pull request (#67) that there was a problem with the SSH.

Payment portal is through HTTP.

This problem should be big because let's say you are making a payment on a open wifi such as a cafe, public place, hotel, etc. If anyone is doing a MITM attack they will be able to see the credit card info being sent thru.

Link: http://compcamps.com/dash/register

Remove library duplication between core and dash.

Font-awesome is double included for sure, not sure if jQuery is also.

X-Frame-Options Header Not Set.

X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

Site effected: www.compcamps.com

Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. ALLOW-FROM allows specific websites to frame the web page in supported web browsers).

Informational Public Pages

The public facing pages. Containing information about the camps.

Site is HTTP

The main website http://www.compcamps.com is HTTP.

While every other page has HTTPS this issue is not big. It can still be MITM attacked.

Vue development library in prod

We are using the Vue.js development library in production. We should add a build step to switch to the production version before deploy.

Image Slider Loading Time

The google photos slider takes a noticeable amount of time to load. I would like to find a better way to generate the list of images on the fly with Javascript. This isn't a huge issue though and I don't want to over complicate it.

WYSIWYG Editor for static content

We should really use a WYSIWYG editor instead of static HTML pages. We don't want to lose that functionality when switching away from WordPress.

POP3s and imaps vulnerable by Weak Diffie-Hellman.

Transport Layer Security (TLS) services that use Diffie-Hellman groups of insufficient strength, especially those using one of a few commonly shared groups, may be susceptible to passive eavesdropping attacks.

Nmap scan:

995/tcp open pop3s
| ssl-dh-params:
| VULNERABLE:
| Diffie-Hellman Key Exchange Insufficient Group Strength
| State: VULNERABLE

993/tcp open imaps
| ssl-dh-params:
| VULNERABLE:
| Diffie-Hellman Key Exchange Insufficient Group Strength
| State: VULNERABLE