https 
What's a life?

Joined: Fri Apr 24, 2009 10:21 am
Posts: 12700
Location: The Right Side of the Pennines (metaphorically & geographically)
Just out of curiosity, is there any reason this site uses http rather than https to login with?

_________________
pcernie wrote:
'I'm going to snort this off your arse - for the benefit of government statistics, of course.'


Sun Apr 03, 2011 12:22 pm
What's a life?

Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
l3v1ck wrote:
Just out of curiosity, is there any reason this site uses http rather than https to login with?

I haven't checked the source code of the page, but it's possible the URL for the sign in page is http but the actual form post method that sends the data is a https connection. Https connections 'cost' slightly more in terms of system resources, so if you don't need to use it... As long as your password is sent in https, pretty much everything else on the site is effectively public anyway.


Sun Apr 03, 2011 12:33 pm
What's a life?

Joined: Fri Apr 24, 2009 10:21 am
Posts: 12700
Location: The Right Side of the Pennines (metaphorically & geographically)
It's just when logging in there's no https in the address bar and no Padlock to be seen.
Does this mean our password is being transmitted for every man and his dog to see?

* Heads off to change his password to something he doesn't use elsewhere *

(Yes, I know I SHOULD do that anyway).



Sun Apr 03, 2011 12:37 pm
What's a life?

Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
Hmm.. I've had a quick look at the login page source code, and the actual login process is via this line..

Quote:
<form action="./ucp.php?mode=login" method="post" id="login">


Given everything else on the page, I see no indication at all that the login process is being done by HTTPS. Obviously, this shouldn't really be the case, although it's not as if we're a bank or anything. Saspro, would changing the login page to https be an issue? Do you have an SSL cert for x404.co.uk?


Sun Apr 03, 2011 1:58 pm
I haven't seen my friends in so long

Joined: Thu Apr 23, 2009 9:43 pm
Posts: 5048
I think it may also be a good idea for the marketplace part to be limited to people with a certain number of posts if at all possible.

_________________
Fogmeister I ventured into Solitude but didn't really do much.
jonbwfc I was behind her in a queue today - but I wouldn't describe it as 'bushy'.


Sun Apr 03, 2011 2:00 pm