
Not necessarily. The login page could be http, but as long as it posts to an https address, the password is never transmitted in plain text.



If your login page is HTTP, your HTTPS receiver is useless. A MITM can just change the form's target URL in the HTTP login page. Or inject any scripts.
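
The point made in the reply above, as an added example that is not part of the thread: a small audit that flags a password form by how the page itself was delivered, not only by where the form posts. The function name `audit_login_page`, the host `example.test` and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self._action = None   # action of the open form, None if no form or already recorded
        self.actions = []     # actions of forms holding a password field

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._action is not None:
                self.actions.append(self._action)
                self._action = None   # record each form once

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def audit_login_page(page_url, html):
    """Return findings for password forms on a page fetched from page_url."""
    parser = _LoginForms()
    parser.feed(html)
    page_scheme = urlsplit(page_url).scheme
    findings = []
    for action in parser.actions:
        target = urljoin(page_url, action)   # empty action resolves to the page itself
        if urlsplit(target).scheme != "https":
            findings.append(f"password posted in clear text to {target}")
        if page_scheme != "https":
            # The markup arrived unauthenticated, so the action seen here is
            # only what the server sent, not necessarily what the browser gets.
            findings.append(f"form delivered over {page_scheme}: action {target} "
                            "can be rewritten in transit")
    return findings

# Constructed sample: the setup from the first comment (HTTP page, HTTPS target).
SAMPLE = ('<form action="https://example.test/login" method="post">'
          '<input name="u"><input type="password" name="p"></form>')

if __name__ == "__main__":
    for finding in audit_login_page("http://example.test/", SAMPLE):
        print(finding)
```

Only the page served over HTTPS with an HTTPS action comes back clean; the same markup served over HTTP is still reported.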



