Log-in security [and using SSL / https]
#1
Original Poster
Join Date: Mar 2013
Location: US of A
Programs: Delta Diamond, United 1K, BA Blue, Marriott Titanium, Hilton Gold, Amex Platinum
Posts: 1,775
Hi all,
I find it to be a bit of a shocker that not only is the log-in process not done over HTTPS -- schoolboy error, if I ever saw one -- but you do a simple MD5 of the password and send it along as part of the log-in procedure in clear text. The username is also in clear text.
<deleted>
Could you please sort it out ASAP? This should really not be happening in this day and age.
Last edited by JDiver; Jul 3, 2014 at 8:45 pm Reason: deleted overly large graphic distorting page rendering
#4
Administrator
Join Date: Apr 2008
Location: Los Angeles, CA
Programs: SPG
Posts: 607
When we turn it on for everyone, we have some complaining about slowness and that a lot of "posts" / "threads" are broken or "display browser error messages". Since this site is almost all user-generated content, people post non-HTTPS images etc., and depending on their browser it may display a broken image or a warning pop-up; subsequently we start getting reports that the site is broken.
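The mixed-content problem described in the post above can be measured before HTTPS is switched on for everyone. The following is an added example, not part of the original thread or the site's own code; the sample post and its hostnames are constructed, and the passive/active split reflects how browsers generally treat insecure subresources on an HTTPS page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# tag -> (URL attribute, kind). "passive" loads (images, media) are what usually
# show up as broken images or warnings; "active" loads (scripts, frames,
# stylesheets) can alter the page and are blocked on HTTPS pages.
SUBRESOURCE_ATTRS = {
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
    "script": ("src", "active"), "iframe": ("src", "active"),
    "embed": ("src", "active"), "object": ("data", "active"),
    "link": ("href", "active"),
}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (tag, kind, url)

    def handle_starttag(self, tag, attrs):
        rule = SUBRESOURCE_ATTRS.get(tag)
        if rule is None:
            return  # <a href> and similar are navigation, not subresources
        attr_name, kind = rule
        attrs = dict(attrs)
        # Simplification: only stylesheet <link>s are treated as subresources.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        url = (attrs.get(attr_name) or "").strip()
        # Protocol-relative (//host/x) and https:// URLs are fine on an HTTPS page.
        if urlsplit(url).scheme.lower() == "http":
            self.findings.append((tag, kind, url))

def find_mixed_content(post_html):
    """Return every plain-HTTP subresource a stored post would load."""
    finder = MixedContentFinder()
    finder.feed(post_html)
    finder.close()
    return finder.findings

# Constructed sample post body (hypothetical hosts).
SAMPLE_POST = """
<p>Trip report <a href="http://blog.example/trip">here</a></p>
<img src="http://img.example/wing.jpg">
<img src="https://img.example/seat.jpg"/>
<IMG SRC="//img.example/lounge.png">
<script src="http://widgets.example/counter.js"></script>
<link rel="stylesheet" href="http://static.example/sig.css">
"""

if __name__ == "__main__":
    for tag, kind, url in find_mixed_content(SAMPLE_POST):
        print(f"{kind:8} <{tag}> {url}")
```

Run over stored posts, the per-kind counts show how much content would need rewriting or proxying before HTTPS can be enforced site-wide.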
#5
Original Poster
Join Date: Mar 2013
Location: US of A
Programs: Delta Diamond, United 1K, BA Blue, Marriott Titanium, Hilton Gold, Amex Platinum
Posts: 1,775
That's fair enough. However, this does not preclude you from presenting the log-in form over a secure connection and processing the form information over HTTPS, followed by redirection back to HTTP.
P.S. The main page looks really bad when HTTPS is enforced.