by jimktrains2
4449 days ago
I see this:
<form method="post" action="https://deadmansswitch.org/userhome.html">
Email:<br />
<input type="text" name="email" /><br />
Password:<br />
<input type="password" name="password" /><br />
<input type="submit" name="login" value="Log in" /><br />
<a href="/createaccount.html" title="Create an account">Create an account</a>
</form>
Also, what does/can anyone do to prevent a MITM attack? Even if they sent an HSTS header or a redirect, they're still subject to that.
http://pastebin.com/Ctkw6S2h
Well, a better practice would be all HTTPS for the site. There are a lot of problems with this and I will probably write a blog post about it.
Everything about this site misses every best practice. 1. No CSRF tokens 2. Small secret tokens to trigger the switch. 3. passwords over http...
It's a joke.
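An added example, not part of the thread or the site's code: a check a reviewer could run over a fetched page to flag the points raised above (a login form on a page not loaded over HTTPS, a non-HTTPS form action, no CSRF field). The page URL passed in, the sample markup (modelled on the form quoted above, with a placeholder host) and the hidden-field name heuristic are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormCollector(HTMLParser):
    """Collect every <form> with its action, method and (type, name) inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "",
                         "method": (a.get("method") or "get").lower(),
                         "inputs": []}
        elif tag == "input" and self._cur is not None:
            self._cur["inputs"].append(((a.get("type") or "text").lower(),
                                        (a.get("name") or "").lower()))

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def audit_login_forms(page_url, html):
    """Return findings for each form on the page that has a password field."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not any(t == "password" for t, _ in form["inputs"]):
            continue
        # An HTTPS action does not help if the page carrying the form came over
        # HTTP: the markup can be altered in transit before the user submits.
        if urlparse(page_url).scheme != "https":
            findings.append("page-not-https")
        if urlparse(urljoin(page_url, form["action"])).scheme != "https":
            findings.append("action-not-https")
        # Heuristic (assumption): a CSRF token is a hidden input whose name
        # contains "csrf" or "token".
        if not any(t == "hidden" and ("csrf" in n or "token" in n)
                   for t, n in form["inputs"]):
            findings.append("no-csrf-field")
    return findings

# Constructed sample input with a placeholder host.
SAMPLE_FORM = """<form method="post" action="https://example.test/userhome.html">
<input type="text" name="email" /><br />
<input type="password" name="password" /><br />
<input type="submit" name="login" value="Log in" /></form>"""
```
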