Page 2 of 2
Re: Forum log-in not secure
Posted: 09 May 2016 16:52
by jdev21
zer0 wrote:I remember that a while ago, a lot was made of XYplorer installation executable not being signed and that was corrected. However, I wonder how many people know that this forum log-in is not done in a secure manner and their username and password are sent in clear text.
The main forum page is not loaded over HTTPS, so this submit action is not encrypted:
Code: Select all
<input type="submit" name="login" value="Login" class="button2" />
A network sniff has confirmed that credentials are sent in clear text as per...
I know it's just a forum and such and I am not asking for the whole site to be encrypted, but sending the username and password in the clear? Really?
Thanks for pointing this out. It is VERY concerning.
Re: Forum log-in not secure
Posted: 10 May 2016 09:30
by admin
I'm currently checking the costs of converting the whole domain to https via my provider.
Re: Forum log-in not secure
Posted: 10 May 2016 09:35
by highend
Re: Forum log-in not secure
Posted: 10 May 2016 09:42
by admin
Zum Beispiel. Prüfe noch.
Re: Forum log-in not secure
Posted: 18 Jun 2016 13:47
by admin
Done.
The whole site is now SSL secured. You might want to update your bookmarks.
Re: Forum log-in not secure
Posted: 18 Jun 2016 14:24
by JLoftus
admin wrote:Done.
The whole site is now SSL secured. You might want to update your bookmarks.
Great! Thanks Don!
Re: Forum log-in not secure
Posted: 18 Jun 2016 15:21
by PeterH
For me this is a big (and necessary) improvement!
So: thanks a lot
Re: Forum log-in not secure
Posted: 18 Jun 2016 18:25
by Marco
And 256-bit keys!
Re: Forum log-in not secure
Posted: 21 Jul 2016 18:24
by zer0
It may have taken a couple of years, but I am glad that we got there in the end