Go Back  FlyerTalk Forums > Support&Services > Technical Support and Feedback
Reload this Page >

Log-in security [and using SSL / https]

Register
Community
Wiki Posts
Today's Posts
Search

Log-in security [and using SSL / https]

Thread Tools
 
Search this Thread
 
Old Jul 3, 2014, 11:52 am
  #1  
Original Poster
 
Join Date: Mar 2013
Location: US of A
Programs: Delta Diamond, United 1K, BA Blue, Marriott Titanium, Hilton Gold, Amex Platinum
Posts: 1,775
Log-in security [and using SSL / https]
Hi all,

I find it to be a bit of a shocker that not only is the log-in process not done over HTTPS -- schoolboy error, if I ever saw one -- but you do a simple MD5 of the password and send it along as part of the log-in procedure in clear text. The username is also in clear text.

<deleted>

Could you please sort it out ASAP? This should really not be happening in this day and age.
Last edited by JDiver; Jul 3, 2014 at 8:45 pm Reason: deleted overly large graphic distorting page rendering
techie is offline  
Reply
Old Jul 3, 2014, 12:15 pm
  #2  
Administrator
 
Join Date: Apr 2008
Location: Los Angeles, CA
Programs: SPG
Posts: 607
We don't force SSL; you are welcome to use SSL by switching over to HTTPS, you can log in via SSL.
IBxAnders is offline  
Reply
Old Jul 3, 2014, 12:24 pm
  #3  
Original Poster
 
Join Date: Mar 2013
Location: US of A
Programs: Delta Diamond, United 1K, BA Blue, Marriott Titanium, Hilton Gold, Amex Platinum
Posts: 1,775
Naturally, the question is: why isn't SSL enabled by default?
techie is offline  
Reply
Old Jul 3, 2014, 12:33 pm
  #4  
Administrator
 
Join Date: Apr 2008
Location: Los Angeles, CA
Programs: SPG
Posts: 607
Originally Posted by techie
Naturally, the question is: why isn't SSL enabled by default?
When we turn on for everyone we have some complaining about slowness and that alot of "posts" / "threads" are broken or "display browser error messages". Since this site is almost all user generated content - people post non-https images and etc and depending on their browser it may display a broken image or a warning pop-up, subsequently we start getting reports that site is broken.
IBxAnders is offline  
Reply
Old Jul 3, 2014, 2:05 pm
  #5  
Original Poster
 
Join Date: Mar 2013
Location: US of A
Programs: Delta Diamond, United 1K, BA Blue, Marriott Titanium, Hilton Gold, Amex Platinum
Posts: 1,775
That's fair enough. However, this does not preclude you from presenting the log-in form over a secure connection and processing the form information over HTTPS, followed by redirection back to HTTP.

P.S. The main page looks really bad when HTTPS is enforced.
techie is offline  
Reply
Old Jul 18, 2014, 7:24 am
  #6  
Original Poster
 
Join Date: Mar 2013
Location: US of A
Programs: Delta Diamond, United 1K, BA Blue, Marriott Titanium, Hilton Gold, Amex Platinum
Posts: 1,775
I would consider the following to be shameless, since it has been a couple of weeks: bump.
techie is offline  
Reply



Advanced Search
Reply Closed Thread Share
Forum Jump

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.