Saints Superstore login insecure? : Sun Oct 10, 2010 8:27 am
Not sure if anyone's noticed this before, or even if it is worthy of all that much concern.
The superstore login page at:

    http://www.saintssuperstore.com/customer/account/login/

has the following login form:

    <form id="login-form" method="post" action="http://www.saintssuperstore.com/customer/account/loginPost/">

with the following inputs:

    <input type="text" name="login[username]" ...

As you can see, your username and password are sent in the clear over "http" and not securely over "https". If you use Firebug or something to change the action URL to "https" then you get an error as that URL isn't available on "https". I emailed Saints about this several months ago but didn't receive a reply. Cause for concern?
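Added example, not part of the original post or the site's code: a small Python check that parses a page's HTML and reports any form with a password field whose page or submit target is not served over https, which is the condition the post describes. The function and class names, and the password input in the sample, are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormAuditor(HTMLParser):
    """Collect each <form> and note whether it contains a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []      # one record per <form> seen
        self._open = None    # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL;
            # a relative action is resolved against the page URL.
            target = urljoin(self.page_url, a.get("action") or "")
            self._open = {"id": a.get("id"), "target": target,
                          "has_password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None \
                and (a.get("type") or "").lower() == "password":
            self._open["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def insecure_login_forms(page_url, html):
    """Return password-bearing forms whose page or submit target is not https."""
    auditor = FormAuditor(page_url)
    auditor.feed(html)
    page_ok = urlsplit(page_url).scheme == "https"
    findings = []
    for form in auditor.forms:
        target_ok = urlsplit(form["target"]).scheme == "https"
        if form["has_password"] and not (page_ok and target_ok):
            findings.append({**form, "page_https": page_ok, "target_https": target_ok})
    return findings

# Constructed sample: the <form> tag and the username input name are from the
# post; the password input and its name are assumed for illustration.
PAGE = "http://www.saintssuperstore.com/customer/account/login/"
SAMPLE = """
<form id="login-form" method="post" action="http://www.saintssuperstore.com/customer/account/loginPost/">
<input type="text" name="login[username]">
<input type="password" name="login[password]">
</form>
"""

if __name__ == "__main__":
    for finding in insecure_login_forms(PAGE, SAMPLE):
        print(finding)
```

The check reports a form when either the page or the submit target is plain http, since both need to be https for the credentials and the form itself to be protected in transit.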