Advertisement:

Author Topic: Login form insecure?  (Read 545 times)

Offline sǝๅqɯɐɥS

  • SMF Hero
  • ******
  • Posts: 4,511
  • Gender: Male
    • i30 Owners Club
Login form insecure?
« on: November 29, 2017, 04:43:21 AM »
Just installed Firefox Quantum on a new works machine.

Obviously I have no cookie for sm.org so I needed to login and set one.

The login form doesn't appear to be secure, whereas the rest of the site is  :o



Offline Illori

  • Project Manager
  • SMF Master
  • *
  • Posts: 48,085
Re: Login form insecure?
« Reply #1 on: November 29, 2017, 05:07:51 AM »
we dont force a redirect to https, but we have changed all the URLs to be https, so you can log into the http forum.

Offline sǝๅqɯɐɥS

  • SMF Hero
  • ******
  • Posts: 4,511
  • Gender: Male
    • i30 Owners Club
Re: Login form insecure?
« Reply #2 on: November 29, 2017, 05:53:39 AM »
I guess I was just surprised to see that the whole website is secure apart from the most important part.. the form in which sensitive credentials are entered.

Offline SleePy

  • Site Team Lead
  • SMF Master
  • *
  • Posts: 29,941
  • Gender: Male
  • Thats his happy face.
    • jdarwood007 on GitHub
    • @jdarwood on Twitter
    • SleePy Code - My personal site
Re: Login form insecure?
« Reply #3 on: November 30, 2017, 01:15:04 PM »
Do you have outdated bookmarks?  All http:// urls will still work without redirecting you to https://.  However if you do any navigation, you will go to the https page.  Update your bookmarks for https and you should be good to go.

We will look into in the future forcing https:// for human browsers.
Jeremy D — Site Team / SMF Developer
Support the SMF Support team!
Profiles:
GitHub

Offline sǝๅqɯɐɥS

  • SMF Hero
  • ******
  • Posts: 4,511
  • Gender: Male
    • i30 Owners Club
Re: Login form insecure?
« Reply #4 on: November 30, 2017, 02:33:25 PM »
Quote from: SleePy
Do you have outdated bookmarks?

I installed Firefix Quantum on a clean machine but you got me there. I used FF-SYNC to get my old bookies.

Shame on me.  :-[