|
View Poll Results: SB unraised pot, 72s | |||
4-1 | 3 | 14.29% | |
5-1 | 3 | 14.29% | |
6-1 | 2 | 9.52% | |
7-1 | 5 | 23.81% | |
8-1 | 8 | 38.10% | |
Voters: 21. You may not vote on this poll |
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
Re: What flimsy evidence of this not being secure
[ QUOTE ]
I have just been informed that https://www.wsex.com should be available next week as an option for those who wish to use it. Fred Balfour GM WSEX.com [/ QUOTE ] I don't mean to nitpick but wouldn't it be better/safer to have the https prefix as the default rather than an option? I am unaware of any downside for this choice. |
#12
|
|||
|
|||
Re: What flimsy evidence of this not being secure
[ QUOTE ]
I have just been informed that https://www.wsex.com should be available next week as an option for those who wish to use it. Fred Balfour GM WSEX.com [/ QUOTE ] Wonderful - thanks for this. I might even start spending some of my rakeback on sports betting if you ever get round to taking bets on English sports! |
#13
|
|||
|
|||
Re: What flimsy evidence of this not being secure
[ QUOTE ]
I have just been informed that https://www.wsex.com should be available next week as an option for those who wish to use it. [/ QUOTE ] Thank you Mr. Balfour. I will echo someone else's comment that you should really consider making that login frame secure for all users all the time. Benjamin |
#14
|
|||
|
|||
Re: What flimsy evidence of this not being secure
[ QUOTE ]
I have just been informed that https://www.wsex.com should be available next week as an option for those who wish to use it. Fred Balfour GM WSEX.com [/ QUOTE ] An aside: could you also increase the maximum size of the password? 8 characters maximum for a password is too short. This combined with the insecure login makes it ridiculously easy to hack your customer's accounts. |
#15
|
|||
|
|||
Re: What flimsy evidence of this not being secure
[ QUOTE ]
I have just been informed that https://www.wsex.com should be available next week as an option for those who wish to use it. Fred Balfour GM WSEX.com [/ QUOTE ] Also, you might consider using a freely available md5 script to hash/encrypt the password in the browser before sending it to the server. It would be best to match the encryption algorithm that you use to store the passwords in the database (you do store encrypted passwords in your database, I hope...). This will give reasonable security to those who do not go to the secure page. |
#16
|
|||
|
|||
Re: What flimsy evidence of this not being secure
[ QUOTE ]
A question and a comment: When I log in, I insert the "s" in front of the http. I assumed that afforded me a secure log in. Is this true or not? [/ QUOTE ] Usually, when I log in I use SIIHP. |
|
|