Login being sent unencrypted

[Rosyna]

I've noticed the "Sign In" button on the forum login page now attempts to send the username and password unencrypted. The form action is now going to http://… instead of https://…

[seeprime]

Hopefully Stephen will get all the bugs fixed soon. Neowin is a great site.

[vanx]

Interesting. If you try to log in through the main site, THAT form is HTTPS, but then it redirects you to the forum's page -- to effectively confirm login credentials -- and THAT form is HTTP. If nothing else, it adds further weight to an opinion that this interim page should be eliminated, initially for being redundant and now for being insecure.

[vanx]

Given that security is an important consideration, I am surprised to not see a reply yet. Also, have this somehow slipped through or was it a conscious decision that did not warrant a notification?

[cork1958]

Hopefully Stephen will get all the bugs fixed soon. Neowin is a great site.

I'm almost doubting whether Steven or anyone who works on the coding of this site can fix the totally messed up code they installed recently. Seems to be nothing but a fine piece of crap!

Couldn't agree more on the comment about the login process being redundant and needing to be eliminated!

[Rosyna]

The unencrypted bug appears to be fixed now?

[vanx]

No, I don't think so. Page's source still indicates that the form's contents are passed to an HTTP URL:

  

[vanx]

The forum upgrade didn't fix this. Not sure it was expected to, but Safari on iOS is keen to remind me that the form is not secure.