insecure password registration & login

Old 14-08-2008   #1

when I just signed up I notice the registration page is not encrypted therefore password is sent in plain text whilst registering.

just logged out/in and also see main login is not encrypted so all passwords are going out plain text to the www/whole wide world

probably need to get this fixed as it is bad policy
brown_philip is offline   Reply With Quote
Old 14-08-2008   #2
Originally Posted by brown_philip
when I just signed up I notice the registration page is not encrypted therefore password is sent in plain text whilst registering.

just logged out/in and also see main login is not encrypted so all passwords are going out plain text to the www/whole wide world

probably need to get this fixed as it is bad policy

Are you willing to donate the money for an SSL certificate?

I've been involved in a few forums on one subject or another, I don't remember any of them using SSL. You might be being a tad paranoid.

There are no monetary transactions going on here.
compufunk is offline   Reply With Quote
Old 14-08-2008   #3

just because I'm paranoid, doesn't mean they're not after me

you could self-sign a certificate which is free or advise people not to use previous passwords that may be used for more delicate logins i.e. banking
brown_philip is offline   Reply With Quote
Old 14-08-2008   #4
Ahem

Originally Posted by brown_philip
you could self-sign a certificate which is free or advise people not to use previous passwords that may be used for more delicate logins i.e. banking

Whilst I take your point, there are always things that can be done however we already have a high percentage of people that are unable to complete the registration process you have just managed successfully and adding more complications will simply reduce the number of people registering. Most people fail to read the basics such as the rules, as previously mentioned there is nothing top secret going on here and advising people what passwords not to use is IMHO not required.

Topper is offline   Reply With Quote
Old 14-08-2008   #5

Yes, Modshack did at one time attempt to use SSL when using some other type of forum software, but gave up after a couple of months for various reasons.

We've never found it really necessary and have never heard of any problems arising from the existing system.

Rolf
rolfw is offline   Reply With Quote
Old 14-08-2008   #6

if cost is a concern for ssl certs, godaddy certs start at approx. £15 and these are automatically recognized by 99% of browsers

_https://www.godaddy.com/gdshop/ssl/ssl.asp

Last edited by PaulR; 14-08-2008 at 08:41 PM.
brown_philip is offline   Reply With Quote
Old 15-08-2008   #7

Originally Posted by brown_philip
just because I'm paranoid, doesn't mean they're not after me

Unfortunately, they still have to catch me before they go after you.

The only monetary transfers going on via the site are the donations (unless there is personal trading via the PMs), which if the PayPal system is used, their own https process is in place.

A beer token is a valuable thing however, so I will ask the local SEO for some pointers.

Channel Hopper is offline   Reply With Quote
Old 08-11-2008   #8

Originally Posted by brown_philip
when I just signed up I notice the registration page is not encrypted therefore password is sent in plain text whilst registering.

just logged out/in and also see main login is not encrypted so all passwords are going out plain text to the www/whole wide world

probably need to get this fixed as it is bad policy

brown philip, posted on another thread is warning about this site as McAfee Site Advisor gives an Amber warning about this site. Chris has asked for it to be reviewed/retested as have I. (I am just an ordinary member.) Why not make a request for S/A to review their warning?
ynotdu is offline   Reply With Quote
All views and information expressed in users' communications and profiles represent the opinions of the users concerned and do not represent the views of Satellites.co.uk. All images and news content are believed to be in the public domain, except where otherwise stated. Forum software by vBulletin® Version 3.8.4