http://pastebin.com/Ctkw6S2h
Well, a better practice would be all HTTPS for the site. There are a lot of problems with this and I will probably write a blog post about it.
Everything about this site misses every best practice. 1. No CSRF tokens. 2. Small secret tokens to trigger the switch. 3. Passwords over HTTP...
It's a joke.
Yeah, it is. Especially since their cert is over a year dead.