insecure password registration & login

brown_philip

Member
Joined
Aug 14, 2008
Messages
6
Reaction score
0
Points
0
Age
52
My Satellite Setup
orbital dish - 90cm
telestart receiver
twin lnb
My Location
kent
when I just signed up I noticed the registration page is not encrypted, therefore the password is sent in plain text whilst registering.

just logged out/in and also see main login is not encrypted so all passwords are going out plain text to the www/whole wide world

probably need to get this fixed as it is bad policy
 

compufunk

Regular Member
Joined
May 7, 2008
Messages
1,658
Reaction score
1
Points
38
My Satellite Setup
DM 600-S, VU+ Duo,
Moteck SG2100, Fracarro Penta 85 dish, LG LH3000 42" TV + some computers
My Location
NW, Ireland
brown_philip said:
when I just signed up I noticed the registration page is not encrypted, therefore the password is sent in plain text whilst registering.

just logged out/in and also see main login is not encrypted so all passwords are going out plain text to the www/whole wide world

probably need to get this fixed as it is bad policy

Are you willing to donate the money for an SSL certificate?

I've been involved in a few forums on one subject or another, I don't remember any of them using SSL. You might be being a tad paranoid.

There are no monetary transactions going on here.
 

brown_philip

just because I'm paranoid, doesn't mean they're not after me :)

you could self-sign a certificate, which is free, or advise people not to use previous passwords that may be used for more delicate logins, i.e. banking
 

Topper

Amo Amas Amant Admin
Staff member
Joined
Nov 18, 2004
Messages
23,993
Reaction score
4,018
Points
113
Age
69
My Satellite Setup
Has gone to a good home elsewhere
My Location
Blackburn, Lancashire
brown_philip said:
you could self-sign a certificate, which is free, or advise people not to use previous passwords that may be used for more delicate logins, i.e. banking

Whilst I take your point, there are always things that can be done; however, we already have a high percentage of people that are unable to complete the registration process you have just managed successfully, and adding more complications will simply reduce the number of people registering. Most people fail to read the basics such as the rules. As previously mentioned, there is nothing top secret going on here, and advising people what passwords not to use is IMHO not required.
 

rolfw

Believe it when I see it Admin.
Staff member
Joined
May 1, 1999
Messages
38,305
Reaction score
1,625
Points
113
My Satellite Setup
Technomate 5402 HD M2 Ci, DM7000s, Transparent 80cm Dish, Moteck SG2100 DiseqC motor, lots of legacy gear. Meters: Satlook Digital NIT, Promax HD Ranger+ spectrum analyser.
My Location
Berkshire
Yes, Modshack did at one time attempt to use SSL when using some other type of forum software, but gave up after a couple of months for various reasons.

We've never found it really necessary and have never heard of any problems arising from the existing system.
 

brown_philip

if cost is a concern for SSL certs, GoDaddy certs start at approx. £15 and these are automatically recognized by 99% of browsers

_https://www.godaddy.com/gdshop/ssl/ssl.asp
 

Channel Hopper

Suffering fools, so you don't have to.
Staff member
Joined
Jan 1, 2000
Messages
35,645
Reaction score
8,592
Points
113
Age
59
Website
www.sat-elite.uk
My Satellite Setup
A little less analogue, and a lot more crap.
My Location
UK
brown_philip said:
just because I'm paranoid, doesn't mean they're not after me :)

Unfortunately, they still have to catch me before they go after you.

The only monetary transfers going on via the site are the donations (unless there is personal trading via the PMs), which if the PayPal system is used, their own https process is in place.

A beer token is a valuable thing however, so I will ask the local SEO for some pointers.
 

ynotdu

ASBO Club Member - Persona non grata
Joined
Oct 7, 2008
Messages
98
Reaction score
0
Points
0
Age
37
My Satellite Setup
sky digibox also U P C Ireland
My Location
Ireland
brown_philip said:
when I just signed up I noticed the registration page is not encrypted, therefore the password is sent in plain text whilst registering.

just logged out/in and also see main login is not encrypted so all passwords are going out plain text to the www/whole wide world

probably need to get this fixed as it is bad policy

brown philip, posted on another thread is warning about this site as McAfee Site Advisor gives an Amber warning about this site. Chris has asked for it to be reviewed/retested as have I. (I am just an ordinary member.) Why not make a request for S/A to review their warning?
 