Skip to content
This repository has been archived by the owner on Oct 18, 2019. It is now read-only.

Site doesnt work with https! #17

Open
sarco3t opened this issue Dec 12, 2018 · 5 comments
Open

Site doesnt work with https! #17

sarco3t opened this issue Dec 12, 2018 · 5 comments

Comments

@sarco3t
Copy link

sarco3t commented Dec 12, 2018

No description provided.

@cskinner74
Copy link

Wouldn't be hard for whoever has control of the domain to add SSL with Let's Encrypt. I can help if needed.

@CristopherVidalMachado
Copy link

I take this job;

@nicoleiocana
Copy link

@the-wendell
If this issue is still open, I would like to make a pull request and fix this bug.

@sbpipb
Copy link

sbpipb commented Oct 18, 2019

I'd like to know what are the application level implications for this, since this looks mostly DNS. please correct me if i'm wrong.

@nicoleiocana
Copy link

I'd like to know what are the application level implications for this, since this looks mostly DNS. please correct me if i'm wrong.

Because the site utilizes a sign up form, the email & password that are being sent over the network are vulnerable to being intercepted by malicious users. The site should encrypt that information before it leaves the local browser to resolve this potential security flaw . Moreover, the site should be immune to the critical session hijacking vulnerability surrounding the remember me feature when logging in.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@sbpipb @cskinner74 @CristopherVidalMachado @sarco3t @nicoleiocana