|
|
|
|
|
|
by theboss
4451 days ago
|
|
|
That is the login form. I'm not sure how to paste code onto hacker news so here is a pastebin of the registration form. http://pastebin.com/Ctkw6S2h Well a better practice would be all HTTPS for the site. There are a lot of problems with this and I will probably write a blog post about it. Everything about this site misses every best practice.
1. No CSRF tokens
2. Small secret tokens to trigger the switch.
3. passwords over http... It's a joke. |
|
|
Yeah, it is. Especially since their cert is over a year dead.