General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsSites use Secure Login Screens - Firefox alterts me DU Login Screen is not HTTPS, subject to hijack!
.
Is anyone else getting this warning?
The userid and password I send in, as part of the login process, is NOT ENCRYPTED and visible to sniffers and line analyzers at telco offices and ISP providers. I am unable to obtain an HTTPS session for logins.
.
Hokie
(4,286 posts)Added user warnings for non-secure HTTP pages with logins. Firefox now displays a This connection is not secure message when users click into the username and password fields on pages that dont use HTTPS.
I think Mozilla is trying to encourage sites to use secure HTTP for login pages. It just means your password is not encrypted going from your computer to DU so technically a sniffer program could see your password. By using HTTPS it would be end to end encrypted.
Nothing has changed on DU. It is as secure (or not secure) as it was before.
TheBlackAdder
(28,183 posts).
HTTPS for initial logins was generally a site standard for a couple of years.
I believe I've raised this issue with the admins a year ago, and I sent them another email this week.
No response. I find that security is lax in a site that highlights, in yellow, a security breech on its login page.
It takes minutes to implement this, so I have no idea why the delay.
Hopefully this won't get locked, as this discussion needs to be had.
.
GregD
(2,263 posts)I just tried to force my browser to HTTPS and it did not work.
This confirms it - no SSL
https://www.sslshopper.com/ssl-checker.html#hostname=www.democraticunderground.com
I find it curious that for as inexpensive as SSL certificates are these days, that the site does not have an SSL assigned and the "my account" section absolutely forced to use that. And particularly in the light of having been hacked. WTF?