08-27-2017, 04:14 PM | #1 |
Lieutenant General
3570
Rep 10,351
Posts |
Site security.
When will the website be upgraded to HTTPS? Jason Mark
__________________
"Drive more, worry less. "
435i, MPPK, MPE, M-Sport Line |
08-27-2017, 10:05 PM | #2 |
Lieutenant Colonel
912
Rep 1,850
Posts |
You're right. I just performed a packet capture of the site and login credentials are sent in plaintext although the username is hashed to md5. Not so good, and worse, it's hash WITHOUT A SALT! So it would be really easy to decode most user's passwords if you could grab their traffic. Or someone could insert their own page.
|
Appreciate
1
F32Fleet3570.00 |
08-29-2017, 09:14 PM | #3 | |
Lieutenant General
3570
Rep 10,351
Posts |
Quote:
__________________
"Drive more, worry less. "
435i, MPPK, MPE, M-Sport Line |
|
Appreciate
0
|
08-29-2017, 09:29 PM | #4 |
Primo Generalissimo
4672
Rep 4,022
Posts
Drives: All of them
Join Date: Jun 2009
Location: DC area
iTrader: (0)
Garage List 2017 Porsche 911 Ca ... [10.00]
2023 BMW M2 [9.00] 2023 Porsche Macan GTS [10.00] 2022 Ford F-250 Tremor [8.50] |
They have to read up on it......
|
Appreciate
0
|
08-30-2017, 09:02 AM | #5 | |
Lieutenant General
3570
Rep 10,351
Posts |
Quote:
__________________
"Drive more, worry less. "
435i, MPPK, MPE, M-Sport Line |
|
Appreciate
0
|
08-30-2017, 03:25 PM | #6 |
Lieutenant Colonel
912
Rep 1,850
Posts |
That tends to not be the case in practice. Also SSL certificates are very cheap. The site's owners probably don't care since they haven't had a big issue with fake / hijacked accounts and this site is a minimum-budget venture.
|
Appreciate
0
|
Post Reply |
Bookmarks |
|
|