Posts by Hello World
log in
1) Message boards : Web site : Suggestions: Require HTTPS connections (Message 20068)
Posted 1157 days ago by Hello World
Currently only the login page is protected by HTTPS. I hope HTTPS is always enforced, so that the cookies can be marked as Secure. If users are redirected to HTTP after login, the cookies can be hijacked by man-in-the-middle who can use the cookies to log in others' accounts.

Also the home page ( contains mixed content. Some images are loaded over HTTP rather than HTTPS, such as I suggest to change them to relative links.

Hope you can consider the two suggestions. Thanks!

Edit 1: If possible, could you please also disable SSL 3.0 to mitigate POODLE attacks?

Main page · Your account · Message boards

Copyright © 2018 Jon Sonntag; All rights reserved.