Forum log-in not secure

jdev21 · Post by **jdev21** » 09 May 2016 16:52

zer0 wrote:I remember that a while ago, a lot was made of XYplorer installation executable not being signed and that was corrected. However, I wonder how many people know that this forum log-in is not done in a secure manner and their username and password are sent in clear text.

The main forum page is not loaded over HTTPS, so this submit action is not encrypted:
Code: Select all
<input type="submit" name="login" value="Login" class="button2" />
A network sniff has confirmed that credentials are sent in clear text as per...

I know it's just a forum and such and I am not asking for the whole site to be encrypted, but sending the username and password in the clear? Really?

Thanks for pointing this out. It is VERY concerning.

Post by **admin** » 10 May 2016 09:30

I'm currently checking the costs of converting the whole domain to https via my provider.

Post by **highend** » 10 May 2016 09:35

https://www.hosteurope.de/SSL-Zertifika ... ation-SSL/
?

Post by **admin** » 10 May 2016 09:42

Zum Beispiel. Prüfe noch.

Post by **admin** » 18 Jun 2016 13:47

Done.

The whole site is now SSL secured. You might want to update your bookmarks.

JLoftus · Post by **JLoftus** » 18 Jun 2016 14:24

admin wrote:Done.

The whole site is now SSL secured. You might want to update your bookmarks.

Great! Thanks Don!

PeterH · Post by **PeterH** » 18 Jun 2016 15:21

For me this is a big (and necessary) improvement!

So: thanks a lot

Marco · Post by **Marco** » 18 Jun 2016 18:25

And 256-bit keys!

zer0 · Post by **zer0** » 21 Jul 2016 18:24

It may have taken a couple of years, but I am glad that we got there in the end

XYplorer Beta Club

Forum log-in not secure

Re: Forum log-in not secure

Re: Forum log-in not secure

Re: Forum log-in not secure

Re: Forum log-in not secure

Re: Forum log-in not secure

Re: Forum log-in not secure

Re: Forum log-in not secure

Re: Forum log-in not secure

Re: Forum log-in not secure