Posts by Hello World
1) Message boards : Web site : Suggestions: Require HTTPS connections (Message 20068)
Posted 1157 days ago by Hello World
Currently only the login page is protected by HTTPS. I hope HTTPS is always enforced, so that the cookies can be marked as Secure. If users are redirected to HTTP after login, the cookies can be hijacked by a man-in-the-middle who can use the cookies to log in to others' accounts.

Also, the home page (https://boinc.thesonntags.com/collatz/index.php) contains mixed content. Some images are loaded over HTTP rather than HTTPS, such as http://boinc.thesonntags.com/collatz/user_profile/images/10137_sm.jpg. I suggest changing them to relative links.

Hope you can consider the two suggestions. Thanks!

Edit 1: If possible, could you please also disable SSL 3.0 to mitigate POODLE attacks?
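
The two checks raised in the post above, as an added example that is not part of the original post or the site's code: it flags cookies set without the Secure attribute and subresources an HTTPS page would load over HTTP, and rewrites same-host URLs to relative links. The host `example.test`, the cookie names and the HTML are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data (not captured from the site discussed above).
SAMPLE_SET_COOKIE = [
    "auth=abc123; Path=/; HttpOnly",
    "prefs=dark; Path=/; Secure; HttpOnly",
]
SAMPLE_HTML = """<html><body>
<img src="http://example.test/user_profile/images/1_sm.jpg">
<img src="/img/logo.png">
<script src="https://example.test/app.js"></script>
<a href="http://example.test/forum.php">forum</a>
</body></html>"""

# Tags whose src attribute makes the browser fetch a subresource.
# Plain <a href> links are navigation, not mixed content.
SUBRESOURCE_TAGS = {"img", "script", "iframe", "source", "embed"}

def cookies_missing_secure(set_cookie_headers):
    """Names of cookies whose Set-Cookie value lacks the Secure attribute."""
    missing = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            missing.append(parts[0].split("=", 1)[0])
    return missing

class _Finder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCE_TAGS:
            return
        for name, value in attrs:
            if name == "src" and value and value.lower().startswith("http://"):
                self.insecure.append((tag, value))

def mixed_content(html):
    """(tag, url) pairs for subresources an HTTPS page would fetch over HTTP."""
    finder = _Finder()
    finder.feed(html)
    return finder.insecure

def to_relative(url, page_host):
    """Same-host absolute URL -> root-relative path; other hosts are left alone."""
    parts = urlsplit(url)
    if parts.hostname != page_host:
        return url
    return parts.path + ("?" + parts.query if parts.query else "")
```
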






Copyright © 2018 Jon Sonntag; All rights reserved.