Jump to content


Registration Security

  • Please log in to reply
1 reply to this topic

#1 Doomster1961



  • Full Member
  • Pip
  • 2 posts

Posted 26 February 2009 - 08:43 AM

Hi everyone. First time on your site. Just one problem.
I registered to your Spywareinfoforum site and my browser firewall posted a phishing possibility by one of your forum threads. The email that was sent by your site for activation and linked to verify, does not have the secure measure of "https://" and therefore anyone could hijack the transmission from my computer to your server. This could compromise my Privacy and lead to malware which is exactly what you are trying to prevent. :scratchhead:

#2 cnm


    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 26 February 2009 - 11:30 AM

When you click the validation link, your browser goes to a special temporary topic and the board software notes that your email address is valid. It changes your status from 'Validating' to 'New Member' in our database. There is no transmission from your PC unless you call browsing a transmission. Since there is no information sent, there is no need for https.

If someone managed to steal the validation letter and clicked the link, your membership would show as validated, but the thief wouldn't be able to use your account unless they knew your password. Your password is encrypted on the board and is invisible even to the board owner.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here

Member of UNITE
Support SpywareInfo Forum - click the button