This has been communicated before in this forum. The only action taken was to do the simplest test that was known to pass. It's not the right way of thinking. If you have a web site not using HTTPS / SSL, you are then taking responsibility to check/babysit every single use case. Of course, it's naive to go that route. HTTPS is not that expensive. Like last time, I hope the security of handling the Vera product is not the same as that which handles the security of the forum.
To be fair, GoDaddy.com has been worse for years, and instead of fixing their FTP issue, they liked to have blogs about how to have a very long and complex password, and change it all the time, to answer why their users' accounts were hacked all the time. And they still didn't do anything years after I explained the problem to them… can you do better?
Below is the network request sent in clear text:
http://forum.micasaverde.com/index.php?action=register2
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US, en; q=0.8, fr-CA; q=0.5, fr; q=0.3
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 246
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=dg9n52dh5ndmduei5vq3e8ksu1; tapatalk_redirect4=false
Host: forum.micasaverde.com
Referer: http://forum.micasaverde.com/index.php?action=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586
email: myemail%40email.com
passwrd1: MySecurePassword1
passwrd2: MySecurePassword1
register_vv%5Bcode%5D: bdhxxx
register_vv%5Bq%5D%5B1%5D: 5
register_vv%5Bq%5D%5B15%5D: 10
register_vv%5Bq%5D%5B3%5D: earth
regSubmit: Register
step: 2
user: mysecondusername
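
Added example (not part of the original post): a small Python check that reads a capture laid out like the one above and reports which credential fields and cookies crossed the network without TLS. The sample capture, the host forum.example.test and the sensitive-name pattern are constructed assumptions, not values from the forum.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample in the same layout as the capture in the post (values are made up).
SAMPLE_CAPTURE = """\
http://forum.example.test/index.php?action=register2
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=constructedsessionid; theme=dark
Host: forum.example.test
email: someone%40example.test
passwrd1: ConstructedPassword1
passwrd2: ConstructedPassword1
register_vv%5Bcode%5D: abcxyz
user: exampleuser
"""

# Field-name patterns treated as sensitive (an assumption; tune per application).
SENSITIVE = re.compile(r"pass|pwd|secret|token|email", re.IGNORECASE)


def parse_capture(text):
    """Split a capture into (url, [(name, value), ...]) with names/values URL-decoded."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    url, pairs = lines[0], []
    for ln in lines[1:]:
        name, sep, value = ln.partition(": ")
        if sep:
            pairs.append((unquote(name), unquote(value)))
    return url, pairs


def audit_capture(text):
    """Return (kind, name) findings for secrets sent over a non-HTTPS URL."""
    url, pairs = parse_capture(text)
    if urlsplit(url).scheme.lower() == "https":
        return []
    findings = []
    for name, value in pairs:
        if name.lower() == "cookie":
            # Report cookie names only, so the report does not re-leak the values.
            for part in value.split(";"):
                findings.append(("cookie", part.split("=", 1)[0].strip()))
        elif SENSITIVE.search(name):
            findings.append(("cleartext-field", name))
    return findings


if __name__ == "__main__":
    for kind, name in audit_capture(SAMPLE_CAPTURE):
        print(f"{kind}: {name}")
```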