Login supports http and defaults to http rather than https
bsmithsweeney
|
If you visit https://www.toodledo.com but are not logged in yet, you are redirected to an http-based login page rather than https. This is true even if you set the "Encryption" option to "yes" with a pro account, per https://www.toodledo.com/forums/2/2975/-15677/pro-accout-https-is-not-enabled-by-default.html. Note that many folks are likely bookmarking https://www.toodledo.com, rather than bookmarking the login page, and all of them would be redirected to the plaintext login.
This is not ideal for clients who may miss the change in protocol on redirect. I suggest making the login page https-only to ensure it's not possible to accidentally send login information in cleartext or have that information intercepted.
Cheers,
Brian
|
Jake
Toodledo Founder
|
Login information is always submitted over an https encrypted connection, even if the page you are on is not https. You can check the source code if you want to confirm this.