terms Posted March 3, 2017 Share Posted March 3, 2017 It seems that some content on this website is available over HTTPS but do not use HTTPS by default. A lot of forms are guilty of this. By default, several forms submit information over HTTP with no encryption. I found the registration and login page are guilty of this. The forms explicitly submit to URLs not using encryption even when you access that form over HTTPS. Furthermore, if you modify the form's action attribute to send to an HTTPS URL it works perfectly fine. So HTTPS is supported but explicitly not used for registration and logins. Passwords are being submitted unencrypted, no? Link to comment
gregathit Posted March 3, 2017 Share Posted March 3, 2017 This would be a question for the site Admin, which is Ashal. Please PM him. Thread Closed. Link to comment
Ashal Posted March 4, 2017 Share Posted March 4, 2017 Login submits to https, or at least it did last I checked, it must've gotten disabled by accident at some point. It should definitely be doing so now though. Link to comment
Recommended Posts