• Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Normal Normal
    • 2013-07-22
    • None
    • Accounts, Admin

      The page where a user submits their username and password should be handled through HTTPS, to reduce the chance of username and passwords being intercepted, particularly when users are logging in at public hotspots over WiFi.

      Given that other sites like GMail and Facebook are now encrypting their entire traffic to overcome Firesheep (http://en.wikipedia.org/wiki/Firesheep) session cookie cloning attacks, it's seems very poor practice that passwords are being sent apparently in plain text.

          Loading...

            • Icon: Improvement Improvement
            • Resolution: Fixed
            • Icon: Normal Normal
            • 2013-07-22
            • None
            • Accounts, Admin

              The page where a user submits their username and password should be handled through HTTPS, to reduce the chance of username and passwords being intercepted, particularly when users are logging in at public hotspots over WiFi.

              Given that other sites like GMail and Facebook are now encrypting their entire traffic to overcome Firesheep (http://en.wikipedia.org/wiki/Firesheep) session cookie cloning attacks, it's seems very poor practice that passwords are being sent apparently in plain text.

                    warp Kuno Woudt
                    Anonymous Anonymous
                    Votes:
                    9 Vote for this issue
                    Watchers:
                    6 Start watching this issue

                      Created:
                      Updated:
                      Resolved:

                        Version Package
                        2013-07-22

                          warp Kuno Woudt
                          Anonymous Anonymous
                          Votes:
                          9 Vote for this issue
                          Watchers:
                          6 Start watching this issue

                            Created:
                            Updated:
                            Resolved:

                              Version Package
                              2013-07-22