Rank | Posts | Team |
Club Owner | 253 | No Team Selected |
Joined | Service | Reputation |
Nov 2004 | 21 years | |
Online | Last Post | Last Page |
Aug 2023 | Dec 2018 | LINK |
| Not sure if anyone's noticed this before, or even if it is worthy of all that much concern.
The superstore login page at:
[code]http://www.saintssuperstore.com/customer/account/login/[/code]
Has the following login form:
[code]<form id="login-form" method="post" action="http://www.saintssuperstore.com/customer/account/loginPost/">[/code]
with the following inputs:
[code]<input type="text" name="login[username]" ...
<input type="password" name="login[password]" ...[/code]
As you can see, your username and password are sent in the clear over "http" and not securely over "https". If you use Firebug or something to change the action URL to "https" then you get an error as that URL isn't available on "https".
I emailed Saints about this several months ago but didn't receive a reply.
Cause for concern?
|
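A check for the condition described in the post above, added here as an example and not part of the original thread: it parses a page's HTML, finds every form that contains a password field, resolves the form's action against the page URL, and reports whether the credentials would travel over plain HTTP. The class and function names are assumptions for illustration, and the sample HTML is constructed from the fragments quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: the form fragments quoted in the post, closed into valid HTML.
SAMPLE_PAGE = "http://www.saintssuperstore.com/customer/account/login/"
SAMPLE_HTML = """
<form id="login-form" method="post"
      action="http://www.saintssuperstore.com/customer/account/loginPost/">
  <input type="text" name="login[username]">
  <input type="password" name="login[password]">
</form>
"""

class LoginFormAudit(HTMLParser):
    """Collect every <form> containing a password input and grade its transport."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self._form, self.findings = page_url, None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or relative action resolves against the page URL.
            self._form = {"id": a.get("id"), "has_password": False,
                          "action": urljoin(self.page_url, a.get("action") or ""),
                          "method": (a.get("method") or "get").lower()}
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            if self._form["has_password"]:
                self.findings.append({**self._form, "issues": self._issues()})
            self._form = None

    def _issues(self):
        issues = []
        if urlsplit(self._form["action"]).scheme != "https":
            issues.append("credentials submitted over cleartext HTTP")
        if urlsplit(self.page_url).scheme != "https":
            issues.append("login page served over HTTP, form can be altered in transit")
        if self._form["method"] != "post":
            issues.append("password placed in the URL by a GET submission")
        return issues

def audit(page_url, html):
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE_PAGE, SAMPLE_HTML)` returns one finding for `login-form` with the cleartext-submission and HTTP-page issues; a form served and submitted over HTTPS returns an empty issue list.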
Rank | Posts | Team |
Player Coach | 416 | No Team Selected |
Joined | Service | Reputation |
Sep 2010 | 15 years | |
Online | Last Post | Last Page |
Nov 2010 | Nov 2010 | LINK |
| I have no idea what all that means lol
|
Rank | Posts | Team |
Player Coach | 2471 | No Team Selected |
Joined | Service | Reputation |
Aug 2006 | 19 years | |
Online | Last Post | Last Page |
Jan 2019 | May 2016 | LINK |
| Yes. If it contains financial details the login credentials should be encrypted.
Very amateurish really.
|
Rank | Posts | Team |
Player Coach | 12 | No Team Selected |
Joined | Service | Reputation |
Mar 2010 | 15 years | |
Online | Last Post | Last Page |
Oct 2010 | Oct 2010 | LINK |
| My sis works for EMS Internet who does the store side of the site. I'll let her know to tell the tech guys
|
Rank | Posts | Team |
Player Coach | 6668 | No Team Selected |
Joined | Service | Reputation |
Sep 2010 | 15 years | |
Online | Last Post | Last Page |
Sep 2023 | Jun 2023 | LINK |
| This could be an issue if the financial details are kept stored on the profiles. Saints should definitely be looking into it.
|
Rank | Posts | Team |
International Board Member | 29216 | No Team Selected |
Joined | Service | Reputation |
Jul 2003 | 22 years | |
Online | Last Post | Last Page |
Feb 2025 | Jan 2025 | LINK |
| Cheers for the heads up. I'm now £212,500 richer.
I even put the debit from your credit cards down 'Regards, Ski retail inc'. 
|
Rank | Posts | Team |
Player Coach | 16170 | No Team Selected |
Joined | Service | Reputation |
Jul 2008 | 17 years | |
Online | Last Post | Last Page |
Feb 2016 | Oct 2015 | LINK |
| [quote="kinkyjohn"]Not sure if anyone's noticed this before, or even if it is worthy of all that much concern....[/quote]
Yes, definitely of concern. They should be using https. That is so bad. I'm glad I've never ordered anything online from Saints!
|
Rank | Posts | Team |
International Board Member | 676 | No Team Selected |
Joined | Service | Reputation |
Nov 2003 | 22 years | |
Online | Last Post | Last Page |
Apr 2014 | Jul 2012 | LINK |
| Wasn't big mac on the board of directors for an IT security company?
|
Rank | Posts | Team |
International Chairman | 578 | No Team Selected |
Joined | Service | Reputation |
Jun 2002 | 23 years | |
Online | Last Post | Last Page |
Jul 2014 | Jul 2014 | LINK |
| Also it doesn’t comply with PCI compliance. So the credit card company/banks could remove the credit card facility from Saints.
If anyone from the club reads this we can help. [url]http://www.networkdefence.com[/url]
|
Rank | Posts | Team |
International Chairman | 486 | No Team Selected |
Joined | Service | Reputation |
Jun 2002 | 23 years | |
Online | Last Post | Last Page |
Jan 2017 | Jan 2017 | LINK |
| Bizarre, the layout changed today on the store for the ISC stuff and now it's back to how it was before.
It showed Wilkin and Roby in ISC branded polo shirt and t-shirt with the new Saints badge.
I have a screen shot on my work pc.
|
Rank | Posts | Team |
Club Coach | 2935 | No Team Selected |
Joined | Service | Reputation |
Feb 2005 | 20 years | |
Online | Last Post | Last Page |
Jul 2021 | Nov 2012 | LINK |
| [quote="Ell Saint Blues"]Bizarre, the layout changed today on the store for the ISC stuff and now it's back to how it was before.
It showed Wilkin and Roby in ISC branded polo shirt and t-shirt with the new Saints badge.
I have a screen shot on my work pc.[/quote]
The shot appears to be back. Not sure about it myself tbh.
|
Rank | Posts | Team |
Club Coach | 31335 | No Team Selected |
Joined | Service | Reputation |
May 2005 | 20 years | |
Online | Last Post | Last Page |
Jan 2015 | Nov 2014 | LINK |
| [url=http://www.saintssuperstore.com/hplarge/19.jpg]Cringe[/url]