Search results for "Posted by bsmithsweeney"
Author Message
bsmithsweeney

Score: 0
If you visit https://www.toodledo.com but are not logged in yet, you are redirected to an http-based login page rather than https. This is true even if you set the "Encryption" option to "yes" with a pro account, per https://www.toodledo.com/forums/2/2975/-15677/pro-accout-https-is-not-enabled-by-default.html. Note that many folks are likely bookmarking https://www.toodledo.com, rather than bookmarking the login page, and all of them would be redirected to the plaintext login.

This is not ideal for clients who may miss the change in protocol on redirect. I suggest making the login page https-only to ensure it's not possible to accidentally send login information in cleartext or have that information intercepted.

Cheers,
Brian
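A site owner can check for the redirect behaviour reported above by walking a recorded redirect chain and flagging any hop that goes from https to http. This is an added example, not part of the original post or the site's code; the `example.test` host, the `/login` path and both recorded chains are constructed placeholders.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_redirect_chain(start_url, recorded):
    """Follow a recorded chain; return (final_url, downgrade_hops).

    recorded maps URL -> (status, Location header or None), e.g. captured
    beforehand from response headers. No network access happens here.
    """
    downgrades, seen, url = [], set(), start_url
    while url in recorded and url not in seen:  # 'seen' guards against loops
        seen.add(url)
        status, location = recorded[url]
        if status not in REDIRECT_CODES or not location:
            break
        target = urljoin(url, location)  # Location may be relative
        if urlsplit(url).scheme == "https" and urlsplit(target).scheme == "http":
            downgrades.append((url, target))
        url = target
    return url, downgrades

def login_is_cleartext(start_url, recorded):
    """True if the chain ends on a non-https page or downgraded on the way."""
    final_url, downgrades = audit_redirect_chain(start_url, recorded)
    return urlsplit(final_url).scheme != "https" or bool(downgrades)

# Constructed sample: the behaviour described in the post (absolute http Location).
BEFORE = {
    "https://www.example.test/": (302, "http://www.example.test/login"),
    "http://www.example.test/login": (200, None),
}
# Constructed sample: the suggested fix (login page stays on https).
AFTER = {
    "https://www.example.test/": (302, "/login"),
    "https://www.example.test/login": (200, None),
}

if __name__ == "__main__":
    for name, chain in (("before", BEFORE), ("after", AFTER)):
        final, hops = audit_redirect_chain("https://www.example.test/", chain)
        print(name, final, "downgrades:", hops)
```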