Login Now to remove this and all advertisements (GOLD and SILVER members)
Not a member? Register Now for free

SSL encryption

Status
Not open for further replies.

ajd

Active Member
Joined
Jan 17, 2014
Messages
543
Points
10
Could we please get SSL (HTTPS) enabled on this site?

SSL is generally a good thing to have, but now that Verified Airline Status has been launched - I have enough issues with giving my credentials to a third party, but I am most definitely not comfortable with entering authentication details over an insecure connection.

http://www.australianfrequentflyer.com.au/verified-airline-status/ said:
From the moment you enter your password, it is never stored as plain text.
Well, it's not stored in plain text - but given that there's no SSL nor any client-side encryption, it is most definitely transmitted in plain text.
 
Get paid up to 25% in real cash from your everyday purchases from leading companies such as Virgin Australia, Booking.com, Woolworths, Coles, Apple, Microsoft and much more. Free to join and no catches!

Recommended by the Australian Frequent Flyer

Admin

Established Member
Administrator
Joined
Jun 18, 2002
Messages
1,285
Points
595
Qantas
Bronze
Virgin
Red
We actually have installed SSL on our server. The problem is that as the site wasn't designed to run on https pages, some cosmetic problems can occur if https is the default. We are looking at correcting this.

In the interim and if you prefer, you can use the https page. Simply replace "http" with "https" on the page you are viewing to use that page securely.

Different browsers have different ways of representing that the page is secure. Below is how the Settings>Edit Profile page looks on Chrome using https. The arrow points to the icon showing that the page is secure.

secure.jpg


Could we please get SSL (HTTPS) enabled on this site?

SSL is generally a good thing to have, but now that Verified Airline Status has been launched - I have enough issues with giving my credentials to a third party, but I am most definitely not comfortable with entering authentication details over an insecure connection.



Well, it's not stored in plain text - but given that there's no SSL nor any client-side encryption, it is most definitely transmitted in plain text.
 
Status
Not open for further replies.

Community Statistics

Threads
86,562
Messages
2,098,076
Members
53,891
Latest member
Traveling_Side
Top