Author Topic: https to access this forum? (Read 2024 times)

WriteConsole · « **on:** May 22, 2013, 04:10:35 PM »

hi, am new guy here,
is there anyway to access this forum using https when logging?

because the whole username & password are nakedly plaintext right now.

i applaud admin efforts using php forum that provides various captcha methods to prevent bots, i suggest to enable https for more secure password transferring.

thankyou.

genec · « **Reply #1 on:** May 25, 2013, 09:02:53 AM »

Look at the source:

Code: [Select]

<form id="guest_form" action="http://forum.tinycorelinux.net/index.php?PHPSESSID=s1t7b5mkusdj22oq7m7m6ies00&amp;action=login2" method="post" accept-charset="UTF-8"  onsubmit="hashLoginPassword(this, '152c93e50f3d2cb3403a37996038a95d');">

Of course, session ID and the seed hash should vary for you. Running a packet capture says the password isn't transmitted in plain text. Yes, I've seen similar techniques before so I knew what to look for.

Tiny Core Linux

News:

Author Topic: https to access this forum? (Read 2024 times)

WriteConsole

https to access this forum?

genec

Re: https to access this forum?