x404.co.uk
http://www.x404.co.uk/forum/

https
http://www.x404.co.uk/forum/viewtopic.php?f=3&t=13231		 Page 1 of 1
Author:  l3v1ck [ Sun Apr 03, 2011 12:22 pm ]
Post subject:  https
Just out of curiosity, is there any reason this site uses http rather than https to login with?
Author:  jonbwfc [ Sun Apr 03, 2011 12:33 pm ]
Post subject:  https
l3v1ck wrote:
Just out of curiosity, is there any reason this site uses http rather than https to login with?

I haven't checked the source code of the page, but it's possible the URL for the sign in page is http but the actual form post method that sends the data is a https connection. Https connections 'cost' slightly more in terms of system resources, so if you don't need to use it... As long as your password is sent in https, pretty much everything else on the site is effectively public anyway.
Author:  l3v1ck [ Sun Apr 03, 2011 12:37 pm ]
Post subject:  Re: https
It's just when logging in there's no https in the addres bar and no Padlock to be seen.
Does this mean our password is being transmitted for every man and his dog to see?

* Heads off to change his password to something he doesn't use elsewher *

(Yes, I know I SHOULD do that anyway).
Author:  jonbwfc [ Sun Apr 03, 2011 1:58 pm ]
Post subject:  Re: https
Hmm.. I've had a quick look at the login page source code, and the actual login process is via this line..

Quote:
<form action="./ucp.php?mode=login" method="post" id="login">


Given everything else on the page, I see no indication at all that the login process is being done by HTTPS. Obviously, this shouldn't really be the case, although it's not as if we're a bank or anything. Saspro, would changing the login page to https be an issue? Do you have an SSL cert for x404.co.uk?
Author:  adidan [ Sun Apr 03, 2011 2:00 pm ]
Post subject:  Re: https
I think it may also be a good idea for the marketplace part to be limited to people with a certain number of posts if at all possible.
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/