Off-Topic > Off-Topic - Tiny Core Lounge

https to access this forum?

(1/1)

WriteConsole:
hi, am new guy here,
is there anyway to access this forum using https when logging?

because the whole username & password are nakedly plaintext right now.

i applaud admin efforts using php forum that provides various captcha methods to prevent bots, i suggest to enable https for more secure password transferring.

thankyou.

genec:
Look at the source:

--- Code: ---<form id="guest_form" action="http://forum.tinycorelinux.net/index.php?PHPSESSID=s1t7b5mkusdj22oq7m7m6ies00&amp;action=login2" method="post" accept-charset="UTF-8"  onsubmit="hashLoginPassword(this, '152c93e50f3d2cb3403a37996038a95d');">

--- End code ---
Of course, session ID and the seed hash should vary for you.  Running a packet capture says the password isn't transmitted in plain text.  Yes, I've seen similar techniques before so I knew what to look for.

Navigation

[0] Message Index

Go to full version