Reply to comment

May 03 2010

Hostmonster writes your login and password in URL

gagarine tag

Hostmonster  has a nice login page but a little bit insecure...

The form sends the argument by POST but you are redirected through a URL where your password and login is written in the URL.

https://login.hostmonster.com/frontend/hostmonster/index.html?login=XXX&password

Don't misunderstand, the connection is in https so your login is encrypted. But still, the url stay in the history of your browser and I realy don't think it's a good idea...

Thanks to nolocation.net to show me this...

Reply

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.
  • You can use Markdown syntax to format and style the text. Also see Markdown Extra for tables, footnotes, and more.
By submitting this form, you accept the Mollom privacy policy.