Login is SSL protected. By clicking on "Log in Now" you agree to gixen.com
terms of usage.
Forum is available in English only.
Gixen.com Forum Index
Post a reply
Enter characters from the following image:
View more Emoticons
Disable BBCode in this post
Disable Smilies in this post
All times are GMT - 8 Hours
Select a forum
Suggestions and Ideas
Posted: Wed Jul 13, 2016 6:03 am
The compelling reason is that the login form is presented on every page.
Many of those pages also host adverts, which help support the platform and enable the free service to remain available.
In order for those adverts to be possible the pages have to be http not https.
As indicated above the actual credentials are sent securely... I am still of the view that your argument is not sufficient to warrant or require a change in policy which is in line with many other secure websites.
Posted: Tue Jul 12, 2016 11:27 am
While a MITM could hijack the connection, HTTPS would prevent this (or more specifically, would at least warn me)
Is there a compelling reason to force delivery the login page over HTTP rather than HTTPS?
Posted: Sat Jul 09, 2016 1:39 am
Hijacking the connection you have with your service provider, while technically possible, is extremely rare and dependant on overcoming other security measures other than the https encryption on the link to a specific website.
If it were achieved, the 'Man In the Middle' could just as easily mimic the https page that contains the login form, and the vast majority of users would never notice... and obtain the credentials anyway... via people logging into Ebay itself without them needing to have used Gixen at all, that is certainly what I would do if I was formulating a strategy to obtain Ebay credentials... So, I don't think your analysis actually stands up to argument... and I'm sure it has never even been attempted with Gixen, let alone achieved.
Pretty much everyone is already aware that you have to be extra careful with all your site usage when using open Wifi, and unsecured public computers and networks anyway... and this is why.
Posted: Fri Jul 08, 2016 10:47 pm
Unfortunately this isn't really true. Without HTTPS on the page that generates the form, an attacker in a MITM position could rewrite the form to send credentials elsewhere.
HTTPS is needed on both the form supplying the login page AND the destination page to have any measure of security.
Posted: Mon Jul 14, 2014 4:51 am
The target of the 'Log in Now' button is an https link... which is all that is necessary to ensure that your credentials are sent securely... To confirm this, if you understand web programming, you can view the page source of this page in your browser.
The whole site is not accessed via https because then adverts could not be hosted... which is what helps to keep the main service free to all.
This is the code you are looking for:
<form id="form1" name="form1" method="post" action="https://www.gixen.com/home_1.php">
<table width="95%" border="0" align="right" cellspacing="0">
<td width="127"><div align="right"><span class="text10_black">eBay username</span></div></td>
<td width="122"><input name="username" type="text" class="text_black" id="username" /></td>
<td width="90" class="text10_black"><div align="right">eBay Password </div></td>
<td width="122"><span class="text10_black">
<input name="password" type="password" class="text_black" id="password" />
<td width="82" class="text10_gray"><label>
<input name="signin" type="hidden" id="signin" value="signin" size="15" class="field" />
<input name="Submit" type="submit" class="dugme" value="Log in Now" />
<td colspan="5" bgcolor="#CDCDCD" class="text10_black"><span class="text10_black">Login is SSL protected. By clicking on "Log in Now" you agree to gixen.com</span> terms of usage.</td>
Posted: Mon Jul 14, 2014 4:22 am
Post subject: How secure
Hi, before I use the service I just wanted some re-assurance on how secure & safe it is. I noticed that there is no H T T P S : / / in the title bar stating a secure connection.
© 2019 Gixen.com. Forum powered by phpBB © 2001, 2005 phpBB Group.