cancel
Showing results for 
Search instead for 
Did you mean: 

Insecure login to portal?

bj
Grafter
Posts: 68
Registered: 08-08-2007

Insecure login to portal?

If I click on the "My Account" link on the portal I get an https login page.

If I click on the "Discussion Forums" link I get an http login page.

Is there a security issue here?
1 REPLY
NigelWood
Grafter
Posts: 76
Registered: 15-08-2007

Re: Insecure login to portal?

Quote
If I click on the "My Account" link on the portal I get an https login page.

If I click on the "Discussion Forums" link I get an http login page.

Is there a security issue here?


No. What matters is not the anyone could read the login page that is displayed to you but that no one can read the values you submit using it.

If you 'view source' on the page your'll see that your login details are sent back securely. The relevant markup being:
<form method="post" action="https://portal.plus.net/central/forums/index.php">

Whilst the form submission is secure I think we should make lthe login page is https also anyway. About two people a month ask this question and we answer it. Presumably there's a large body if similarly concerned people who just don't get round to asking and continue to feel unnecessarily anxious.