Tiny Core Linux

Off-Topic => Off-Topic - Tiny Core Lounge => Topic started by: WriteConsole on May 22, 2013, 04:10:35 PM

Title: https to access this forum?
Post by: WriteConsole on May 22, 2013, 04:10:35 PM

hi, am new guy here,
is there anyway to access this forum using https when logging?

because the whole username & password are nakedly plaintext right now.

i applaud admin efforts using php forum that provides various captcha methods to prevent bots, i suggest to enable https for more secure password transferring.

thankyou.

Title: Re: https to access this forum?
Post by: genec on May 25, 2013, 09:02:53 AM

Look at the source:

Code: [Select]

<form id="guest_form" action="http://forum.tinycorelinux.net/index.php?PHPSESSID=s1t7b5mkusdj22oq7m7m6ies00&amp;action=login2" method="post" accept-charset="UTF-8"  onsubmit="hashLoginPassword(this, '152c93e50f3d2cb3403a37996038a95d');">
Of course, session ID and the seed hash should vary for you.  Running a packet capture says the password isn't transmitted in plain text.  Yes, I've seen similar techniques before so I knew what to look for.