You guys really need to make the site only allow being logged in with a secure connection, instead of letting it fall back to unsecure
Already ruled that out
You guys really need to make the site only allow being logged in with a secure connection, instead of letting it fall back to unsecure
You need to debug more.
Ed
If there's something strange with your long hair / Who you gonna call? / L-H-C! (sung to the tune of Ghostbusters)
No, the site needs to be administered properly
It's not secure on my end either. Never has been. Despite being https.
If there's something strange with your long hair / Who you gonna call? / L-H-C! (sung to the tune of Ghostbusters)
What makes you think you're using the site unsecured?
Are you using HTTP via TLS? Does a packet capture show your credentials in plain text if you run the pcap while signing on? Does the certificate not show as 'valid'?
HTTPS is a protocol, and doesn't guarantee the method, you are correct. But the site isn't unsecured, either.
There are various ways you can find this out, but the easier way for me is to press CTRL + SHIFT + I in my browser and view my dev tools. What is likely flagging in your browser is a non-secure form (where I am typing my data to post in) which we are all able to see as it is. The certificate shows as valid and trusted and the connection is using TLS 1.2, which is likely (hopefully) trusted by your browser.
in a possibly permanent lurk mode
Bookmarks