
I see this:

    <form method="post" action="https://deadmansswitch.org/userhome.html">
        Email:<br />
        <input type="text" name="email" /><br />
        Password:<br />
        <input type="password" name="password" /><br />
        <input type="submit" name="login" value="Log in" /><br />
        <a href="/createaccount.html" title="Create an account">Create an account</a>
    </form>

Also, what does/can anyone do to prevent a MITM attack? Even if they sent an HSTS header or a redirect, they're still subject to that.


That is the login form. I'm not sure how to paste code onto Hacker News, so here is a pastebin of the registration form.

http://pastebin.com/Ctkw6S2h

Well a better practice would be all HTTPS for the site. There are a lot of problems with this and I will probably write a blog post about it.

Everything about this site misses every best practice. 1. No CSRF tokens 2. Small secret tokens to trigger the switch. 3. passwords over http...

It's a joke.


/me is unable to read :( sorry about that

Yeah, it is. Especially since their cert is over a year dead.
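
The points raised in the thread (a password form delivered over plain HTTP even though its action is HTTPS, and no CSRF token) can be checked mechanically. This is an added example, not code from any poster or from the site; the page URL `http://login-page.example/` used to exercise it and the token-name heuristic are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# The login form quoted in the thread (markup as posted, link line omitted).
SAMPLE_FORM = """<form method="post" action="https://deadmansswitch.org/userhome.html">
Email:<br />
<input type="text" name="email" /><br />
Password:<br />
<input type="password" name="password" /><br />
<input type="submit" name="login" value="Log in" /><br />
</form>"""

class FormCollector(HTMLParser):
    """Collects each <form> with its action and the (type, name) of its inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "inputs": []})
        elif tag == "input" and self.forms:
            kind = (a.get("type") or "text").lower()
            self.forms[-1]["inputs"].append((kind, (a.get("name") or "").lower()))

def audit_login_forms(page_url, html):
    """Return findings for every form on the page that has a password field."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not any(kind == "password" for kind, _ in form["inputs"]):
            continue
        if urlparse(page_url).scheme != "https":
            # The markup itself travels in cleartext, so a MITM can rewrite
            # the action before the browser sees it; an https action alone
            # does not protect the password.
            findings.append("form-served-over-http")
        if urlparse(urljoin(page_url, form["action"])).scheme != "https":
            findings.append("password-posted-over-http")
        # Heuristic (assumption): CSRF tokens are hidden inputs named *csrf*/*token*.
        if not any(kind == "hidden" and ("csrf" in name or "token" in name)
                   for kind, name in form["inputs"]):
            findings.append("no-csrf-token")
    return findings
```
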



