Quote kinkyjohn="kinkyjohn"Not sure if anyone's noticed this before, or even if it is worthy of all that much concern.
The superstore login page at:
[codehttp://www.saintssuperstore.com/customer/account/login/[/code
Has the following login form:
[code<form id="login-form" method="post" action="http://www.saintssuperstore.com/customer/account/loginPost/">[/code
with the following inputs:
[code<input type="text" name="login[username]" ...
<input type="password" name="login[password]" ...[/code
As you can see, your username and password is sent in the clear over "http" and not securely over "https". If you use Firebug or something to change the action URL to "https" then you get an error as that URL isn't available on "https".
I emailed Saints about this several months ago but didn't receive a reply.
Cause for concern?'"
I complained to the club about this 18 months ago when I was ordering on line and suddenly appeared the details of[u
everyone [/uwho had purchased on line that day e.g. name / address / what they bought etc but fortunately only the method of payment not their card details.
I phoned the club and emailed but got no reply at all so posted on this forum a warning.
'"
