I just noticed another problem with the forum--the login form sends the login credentials in plain text. This is very insecure, as anyone on the same network would be able to see the user's password using a packet sniffer. You should always use secure HTTP (HTTPS) to send passwords and other sensitive data.
Even though this is a forum, a lot of people unfortunately use the same password (and sometimes even username) for all of their online accounts. That could include email, web hosting, and even banking. So I really recommend you change this as soon as possible, or at least warn your users that the forum login isn't secure and that they shouldn't use the same password for it as they do for their other online accounts.
