OcUK forums and https

Dj_Jestar · 30 Jan 2016 at 15:54

Worth noting browsers will be marking HTTP login forms as insecure in the near future.

P's KIA, do you have a link to just the report? Every time that link is opened it runs the test again.

leaskovski · 30 Jan 2016 at 20:28

Burnsy2023 said:
Basically there is no good reason not to do SSL.

There is every good reason not to do SSL, the main one is that it is wee poor in the security department. No if you said TLS, then that's a different matter

[/pedomode]

leaskovski · 30 Jan 2016 at 20:31

KIA said:
Nice to see TLS at long last.

https for trust.overclockers.co.uk would be great.

forums.overclockers.co.uk isn't securely served from the start of a new session.

I know you guys POST to https, but it would be nice to see a thorough implementation.

Code:

<form action="https://forums.overclockers.co.uk/login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">

Please don't do this... MD5 is pants...

Craig321 · 30 Jan 2016 at 22:50

leaskovski said:
There is every good reason not to do SSL, the main one is that it is wee poor in the security department. No if you said TLS, then that's a different matter

[/pedomode]

2:29

Are you that IT guy?

leaskovski · 31 Jan 2016 at 02:53

Lol no, I've just been done by openssl's random debugging on what protocol is being used. So I'm a little sore.