Topic review
mario
Posted: Fri Oct 18, 2013 3:55 pm
Post subject: Re: Poor practice
twobuckes wrote:
It is poor practice to encourage users to sign in on pages that are not https. The only way that a user has of knowing that a sign in is secure is the padlock symbol (in the browser chrome) which indicates that the whole page is https. Users should not sign in on pages that do not have the padlock.
So you don't (log in from there). No one is preventing you from accessing Gixen via https://www.gixen.com and logging in from there if you believe the risk of a non-SSL loaded login form is significant. In theory it's possible someone could tamper with such a form. In practice I have yet to hear of a single case of that happening. Technically it's more difficult to do than to sniff the password and impossible to do without risking such an attack being detected.
Cupid
Posted: Fri Oct 18, 2013 5:21 am
Post subject:
Personally, I like the simple layout provided by Gixen.
The alternative would be to provide a separate page that does nothing other than log you in. I'd rather keep the current interface but perhaps an https login page could additionally be provided somewhere else on the site.
As Mario has tirelessly explained, that would only be catering for best practice, in terms of security it really isn't necessary and the current interface is adequate and entirely fit for purpose.
twobuckes
Posted: Fri Oct 18, 2013 1:51 am
Post subject: Poor practice
It is poor practice to encourage users to sign in on pages that are not https. The only way that a user has of knowing that a sign in is secure is the padlock symbol (in the browser chrome) which indicates that the whole page is https. Users should not sign in on pages that do not have the padlock.
mario
Posted: Sat Aug 31, 2013 3:46 pm
Post subject:
SSL is used during log in during which a session id is generated. After that traffic is redirected to plain http. Your password is never transmitted over plain http, but your traffic is (e.g. adding, deleting and modifying snipes).
Mirror subscribers are on SSL all the time, the session is never redirected back to plain http.
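The two behaviours discussed in this thread, a login form delivered over plain http and a session that continues over plain http after an SSL login, can be checked for mechanically. The following is an added example, not part of the original posts and not Gixen's code; the host `example.test`, the cookie name, the paths and the recorded exchanges are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginForms(HTMLParser):
    """Collect the action of every <form> that holds a password field."""
    def __init__(self):
        super().__init__()
        self.actions, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = a.get("action") or ""
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self.actions.append(self._open)
                self._open = None  # report each form once
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit(exchanges):
    """Return (finding, url, detail) tuples for a list of recorded responses."""
    findings = []
    for ex in exchanges:
        url, over_tls = ex["url"], urlsplit(ex["url"]).scheme == "https"
        parser = LoginForms()
        parser.feed(ex["body"])
        if not over_tls:  # an https action does not protect a form delivered over http
            findings += [("login-form-on-http", url, urljoin(url, a)) for a in parser.actions]
        for name, value in ex["headers"]:
            if name.lower() == "set-cookie":
                flags = [p.strip().lower() for p in value.split(";")[1:]]
                if "secure" not in flags:  # browser will also send it over plain http
                    findings.append(("cookie-without-secure", url, value.split("=", 1)[0]))
            elif name.lower() == "location" and over_tls:
                target = urljoin(url, value)
                if urlsplit(target).scheme == "http":
                    findings.append(("https-to-http-redirect", url, target))
    return findings

SAMPLE = [  # constructed exchanges (hypothetical host, cookie and paths), not real captures
    {"url": "http://www.example.test/", "headers": [],
     "body": '<form action="https://www.example.test/login" method="post">'
             '<input name="u"><input type="password" name="p"></form>'},
    {"url": "https://www.example.test/login", "body": "",
     "headers": [("Set-Cookie", "sessionid=CONSTRUCTED; Path=/; HttpOnly"),
                 ("Location", "http://www.example.test/home")]},
]
```

`audit(SAMPLE)` returns one finding per weakness; a flow that serves the form over https, marks the session cookie `Secure` and redirects to an https URL returns an empty list.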
johntll
Posted: Sat Aug 31, 2013 11:17 am
Post subject: Says SSL but no security encryption indicated??
Tried on Firefox and Microsoft IE, and not showing httpS or any other indication that it is an encrypted site of any sort. Yet, it says it's SSL.
Can somebody explain this?? :?:
© 2006 - 2023 Gixen.com. Forum powered by phpBB © 2001, 2005 phpBB Group.