All times are GMT - 8 Hours
Topic review
eljugg
Posted: Tue Nov 22, 2011 5:44 am
Post subject:
Thanks for the quick turnaround on this issue!
mario
Posted: Mon Nov 21, 2011 8:50 pm
Post subject:
Thank you for the report, and my apologies. This is indeed a bug: the form shown after the session expires indeed contained an insecure target link for the login. This is fixed now.
eljugg
Posted: Mon Nov 21, 2011 8:25 pm
Post subject: SSL login/password sent in plain text
After being away from my computer for a bit, I refreshed the page with my scheduled snipes at this page (replace <username>):
Quote:
gixen.com/home_2.php?username=<username>&mirror=1
Due to a timeout, I received this error:
Quote:
Session expired. Please sign in again.
The top of this page also has the normal login form including this notice:
Quote:
Login is SSL protected.
I noticed after logging in no h.t.t.p.s page was hit. This is the login form (html) from the above page:
Code:
<form id="form1" name="form1" method="post" action="home_1.php">
This needs to be fixed/changed to what the homepage has (with h.t.t.p.s action):
Code:
<form id="form1" name="form1" method="post" action="h.t.t.p.s://w.w.w.gixen.com/home_1.php">
I suggest checking other places where a login might appear (with home_1.php as the action) and verifying they are all h.t.t.p.s actions. It might be worth considering making all pages h.t.t.p.s after logging in. I realize this is a free (for most) service and I have found it useful thus far; however, having my eBay login and password sent in plain text when I'm explicitly told it won't be is unacceptable.
Thanks.
* To get past your spam filter I had to use h.t.t.p.s and w.w.w in my explanation
© 2006 - 2023 Gixen.com. Forum powered by phpBB © 2001, 2005 phpBB Group.