Quote:
Originally Posted by Brian B-P
... the login challenge page (presented to a user who tries to post after being timed out, or to a user who simply has not logged in and tries something requiring a logged-in session) is still not secure; I doubt this is what the forum's administrators would intend.
|
The login challenge page is secured now, too.
The
User CP page and some of the pages under it are now secure, but still the
Edit Email & Password page (in which you enter your current and new passwords and e-mail addresses) is not secure (at least by default... see below). Like some others, I don't understand the piecemeal approach, but I assume that the administrators will take care of this one, too... and hopefully systematically review content under the
User CP.
Amusingly, if you manually enter the transport in the URL (that is, type "HTTPS://" in front of "/www.escapeforum.org/forums/profile.php?do=editpassword") you can get the site to start providing this page (and presumably others) securely. Of course it would not be reasonable to expect users to manually trigger secure transport of individual pages.