netbeans-netcat mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alvin Thompson <al...@thompsonlogic.com>
Subject Re: Synergy sign-up is insecure
Date Wed, 03 Oct 2018 17:17:45 GMT
Since I've received a private reply, I'll point out the main issue here:

Not only does the web service that the form sends this information to need
to be secure, but the form itself must be secure.

It's possible that the javascript that the page uses to submit the password
(the registration page is an angular.js app) submits to a service secured
with HTTPS already, but by that time it's too late. Since the javascript
itself was loaded over an insecure connection, it can be modified with a
"man in the middle" attack to submit the data somewhere else--therefore
neither the javascript nor the page can be trusted.

On Wed, Oct 3, 2018 at 11:25 AM Alvin Thompson <alvin@thompsonlogic.com>
wrote:

> Sorry to be a stickler for this, but the Synergy sign-up page (
> http://netbeans-vm.apache.org/synergy/client/app/#/register) asks you to
> submit a password over an insecure connection. Can this be moved to HTTPS?
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message