[bestbits] IGF registration form completely unencrypted
Alex Comninos
alex.comninos at gmail.com
Mon Sep 9 11:09:04 EDT 2013
Hi All
Embedding HTTP in HTTPS is still very bad practice, there are many
possible vulnerabilities it can present, outlined here:
https://developer.mozilla.org/en-US/docs/Security/MixedContent
Kind regards,
Alex
...
On 9 September 2013 15:59, William Drake <william.drake at uzh.ch> wrote:
> Hi
>
> On Sep 9, 2013, at 3:10 PM, Alex Comninos <alex.comninos at gmail.com> wrote:
>
> On 9 September 2013 15:06, Robert Guerra <rguerra at privaterra.org> wrote:
>
> Someone correct me if I am wrong - but this isn't the first time the issue
> of having an insecure registration site has been raised.
>
>
> IGF 2011 had an http registration and I raised it then, 2012 utilised
> HTTPS, I am not sure of the others.
>
>
> Saw this message and shot the secretariat a note, since it's their site.
> Chengetai's response is below.
>
> Cheers
>
> Bill
>
> —————
>
> From: Chengetai Masango <CMASANGO at unog.ch>
> Subject: Re: [bestbits] IGF registration form completely unencrypted
> Date: September 9, 2013 3:37:20 PM GMT+02:00
> To: William Drake <william.drake at uzh.ch>
> Cc: IGF <IGF at unog.ch>
>
> Hi Bill,
>
> We have an https link
>
>
> https://comanche.vervehosting.com/~wgig/igf/cms/wks2013/meeting_attendance_registration_2013_IGF.php
>
> I will add the link to the form.
>
>
> on the server side its all encrypted so that's fine.
More information about the Bestbits
mailing list