WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: https to access this forum?  (Read 1943 times)

Offline WriteConsole

  • Newbie
  • *
  • Posts: 2
https to access this forum?
« on: May 22, 2013, 01:10:35 PM »
hi, am new guy here,
is there anyway to access this forum using https when logging?

because the whole username & password are nakedly plaintext right now.

i applaud admin efforts using php forum that provides various captcha methods to prevent bots, i suggest to enable https for more secure password transferring.


Offline genec

  • Full Member
  • ***
  • Posts: 240
Re: https to access this forum?
« Reply #1 on: May 25, 2013, 06:02:53 AM »
Look at the source:
Code: [Select]
<form id="guest_form" action="http://forum.tinycorelinux.net/index.php?PHPSESSID=s1t7b5mkusdj22oq7m7m6ies00&amp;action=login2" method="post" accept-charset="UTF-8"  onsubmit="hashLoginPassword(this, '152c93e50f3d2cb3403a37996038a95d');">
Of course, session ID and the seed hash should vary for you.  Running a packet capture says the password isn't transmitted in plain text.  Yes, I've seen similar techniques before so I knew what to look for.