INTERNET security
My internet security provider always marks the GWOA site as 'NotSecure' beside a red triangle. Please be careful about what you post on this site.
OK, it's not that big a deal.
To clarify, this is about GWOA not supporting a secured HTTPS connection with your browser, only plain HTTP.
(basically, HTTPS means the data from your browser to the site is encrypted automatically and safe from interception)
https://www.quora.com/What-are-the-benefits-of-HTTPS-over-HTTP
Anything you write on the site is visible to anyone else who accesses the site, whether by HTTP or HTTPS. So that's not really an issue.
However, I was wondering about the entering of the GWOA member password, because this must be going out in the clear.
For that reason, I don't use a password on GWOA that I have elsewhere. If someone somehow can sniff the internet traffic, or if you log on to GWOA on a public Wi-Fi where there could be someone sniffing that, then they get your password. With GWOA, since there is no commerce associated with it, there is not much anyone can do. But use a dedicated password.
OK, it was bugging me about the password being sent in plain view... so I traced the session (using Fiddler, it's nice, try it).
And I am no developer so trying to figure out what is happening... looks like the password is not sent at all, but a Cookie is set/created in the browser session... I assume including a hash of the password+username, which is then attached to the header in subsequent requests to the server (gwoa.co.uk).
So the password is never sent, only a non-reversible hash version of it, which is checked at the server side by repeating the hash exercise to make sure it matches (and if it does, you provided the right password).
So it is perfectly secure, as far as I can see.
This is the trace:
HTTP/1.1 302 Moved Temporarily
Date: Sat, 08 Dec 2018 21:51:34 GMT
Server: Apache
X-Powered-By: PHP/5.4.45
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: SESSbd224d6c0a437efaaadec8ea92a6637a=a4d973aaafffee1c8025c138d7a0ab85; expires=Tue, 01-Jan-2019 01:24:55 GMT; path=/; domain=gwoa.co.uk
Set-Cookie: DRUPAL_UID=178; expires=Tue, 01-Jan-2019 01:24:54 GMT; path=/; domain=gwoa.co.uk
Last-Modified: Sat, 08 Dec 2018 21:51:34 GMT
Location: http://gwoa.co.uk/node
Content-Length: 0
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
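An added example, not part of the original thread: a small Python check that reads response headers like those in the trace above and reports whether the redirect stays on plain HTTP and whether each cookie carries the Secure, HttpOnly and SameSite attributes. The session cookie name and value below are constructed placeholders, and the function names are made up for this example.

```python
from urllib.parse import urlsplit

# Response headers modelled on the trace above; the session cookie name and
# value are constructed placeholders, not the values from the trace.
TRACE = """\
HTTP/1.1 302 Moved Temporarily
Server: Apache
Set-Cookie: SESSexample=constructed-session-id; expires=Tue, 01-Jan-2019 01:24:55 GMT; path=/; domain=gwoa.co.uk
Set-Cookie: DRUPAL_UID=178; expires=Tue, 01-Jan-2019 01:24:54 GMT; path=/; domain=gwoa.co.uk
Location: http://gwoa.co.uk/node
Content-Length: 0
"""

def parse_headers(raw):
    """Return (status_line, [(name, value), ...]), keeping repeated headers."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def audit(raw):
    """List transport and cookie-attribute findings for one response."""
    _, headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        # A redirect target on http:// keeps the logged-in session unencrypted.
        if name == "location" and urlsplit(value).scheme == "http":
            findings.append(("redirect", "plain-http"))
        if name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            for flag in ("secure", "httponly", "samesite"):
                if flag not in attrs:
                    findings.append((cookie, "missing-" + flag))
    return findings

if __name__ == "__main__":
    for item, issue in audit(TRACE):
        print(f"{item}: {issue}")
```

Run against the headers above, it reports three missing attributes for each of the two cookies plus the plain-HTTP redirect.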
I'll second that.
thanks, I don't understand but your confidence reassures me