Hostmonster writes your login and password in URL

May 03 2010

Hostmonster  has a nice login page but a little bit insecure...

The form sends the argument by POST but you are redirected through a URL where your password and login is written in the URL.

https://login.hostmonster.com/frontend/hostmonster/index.html?login=XXX&password

Don't misunderstand, the connection is in https so your login is encrypted. But still, the url stay in the history of your browser and I realy don't think it's a good idea...

Thanks to nolocation.net to show me this...

gagarine - 03/05/10
tag

Comments

Anonymous's picture

#1 abdulaziek

i neasdhii lhfldahs lfalsdifhli dshfadlfhl;h fasdk ugfkdusgkuf asgfukgw eiryqouiyr pqu;ofdj klkjdlskvnc,xjkhzu ghoiryho' ;jk/ja hosdioyirqweoiroiyq oiylhncn ihaoisdkld lihqwhq hqdo ihioc zaihyo fhqwoifqo ifhoci qofhyoiqyerq qiowyoeryqow yqo ywoqeyo qwe yoqwieyqwyyyo woyeoiqwy owyqeoiyq oey o wp udpap pdpaupuwuu oqwyoyyyo oq oq


08/09/2011 - 09:23

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.
  • You can use Markdown syntax to format and style the text. Also see Markdown Extra for tables, footnotes, and more.
By submitting this form, you accept the Mollom privacy policy.