Plain text creds

  • After Iowa State won the Big 12, a Cyclone made a wonderful offer to We Will that now increases our match. Now all gifts up to $400,000 between now and the Final 4 will be matched. Please consider giving at We Will Collective.
    This notice can be dismissed using the upper right corner X button.

fatkid1974

Well-Known Member
Apr 3, 2010
1,317
102
63
49
van down by the river
I was stumbling through some forums this morning and noticed I needed to log in. Got brought to the login page, entered my credentials, and got a warning that I was logging in to a non secure site. I do understand that we don't pay anything for perusing this fine website, but could you possible do an auto redirect to https://... for at least the login page. I know your paying for an ssl cert, all I did was throw an 's' in the browser to make it https and it redirected to the exact same page and I was able to login without my credentials being sent in plain text. Thanks!
 
  • Agree
Reactions: Pat

Pat

Well-Known Member
Oct 20, 2011
2,163
3,075
113
You know, I'll second this. It should be a 3 minute fix in your CMS to set up a 301 redirect to https. On one hand, Fanatic getting hacked is pretty low stakes. On the other, I *guarantee* that more than one user has the same credentials for their email and bank accounts.
 
  • Like
Reactions: fatkid1974

fatkid1974

Well-Known Member
Apr 3, 2010
1,317
102
63
49
van down by the river
You know, I'll second this. It should be a 3 minute fix in your CMS to set up a 301 redirect to https. On one hand, Fanatic getting hacked is pretty low stakes. On the other, I *guarantee* that more than one user has the same credentials for their email and bank accounts.[/QUOTE]

This is where the issue lies and this is why I am so vigilant. The 'rushkies' don't want our thread post history, they want your username/pw database.
 

Latest posts

Help Support Us

Become a patron