Rosyna Posted November 19, 2015 Share Posted November 19, 2015 I've noticed the "Sign In" button on the forum login page now attempts to send the username and password unencrypted. The form action is now going to http://… instead of https://… Link to comment Share on other sites More sharing options...
seeprime Posted November 19, 2015 Share Posted November 19, 2015 Hopefully Stephen will get all the bugs fixed soon. Neowin is a great site. Link to comment Share on other sites More sharing options...
vanx Posted November 19, 2015 Share Posted November 19, 2015 Interesting. If you try to log in through the main site, THAT form is HTTPS, but then it redirects you to the forum's page -- to effectively confirm login credentials -- and THAT form is HTTP. If nothing else, it adds further weight to an opinion that this interim page should be eliminated, initially for being redundant and now for being insecure. Link to comment Share on other sites More sharing options...
vanx Posted November 23, 2015 Share Posted November 23, 2015 Given that security is an important consideration, I am surprised to not see a reply yet. Also, have this somehow slipped through or was it a conscious decision that did not warrant a notification? Link to comment Share on other sites More sharing options...
cork1958 Posted November 23, 2015 Share Posted November 23, 2015 Hopefully Stephen will get all the bugs fixed soon. Neowin is a great site. I'm almost doubting whether Steven or anyone who works on the coding of this site can fix the totally messed up code they installed recently. Seems to be nothing but a fine piece of crap! Couldn't agree more on the comment about the login process being redundant and needing to be eliminated! Link to comment Share on other sites More sharing options...
Rosyna Posted November 24, 2015 Author Share Posted November 24, 2015 The unencrypted bug appears to be fixed now? Link to comment Share on other sites More sharing options...
vanx Posted November 24, 2015 Share Posted November 24, 2015 No, I don't think so. Page's source still indicates that the form's contents are passed to an HTTP URL: Link to comment Share on other sites More sharing options...
vanx Posted December 3, 2015 Share Posted December 3, 2015 The forum upgrade didn't fix this. Not sure it was expected to, but Safari on iOS is keen to remind me that the form is not secure. Link to comment Share on other sites More sharing options...
Recommended Posts