1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BHW, let's DEMAND Cleanfiles protects our passwords!!!

Discussion in 'CPA' started by Fryyy, Oct 1, 2013.

  1. Fryyy

    Fryyy Newbie

    Joined:
    Aug 21, 2013
    Messages:
    26
    Likes Received:
    15
    I sadly just today noticed that Cleanfiles never bothered to buy an SSL certificate to secure our information.
    It costs what, 30-100 dollars depending on where you buy???

    Also, When you log-in at cleanfiles.net/login, it redirects you to cleanfiles.net/login?username=USERNAME&password=PASSWORD
    PLAIN TEXT.

    This is poor programming.
    I'm sorry to whom owns CF. I use your network and I love it but, knowing my login details are so poorly communicated that any monkey that can pull up my history has my password ....

    Why not send the username and password via POST instead of GET?
    Furthermore, please purchase SSL.

    If you cannot purchase SSL I will custom code you a jQuery password obfuscation algorithm so at least if I leave my computer or phone somewhere by mistake someone cannot pull up my password by looking at my history. That would still be shoddy security however.

    Also if you're not into coding and would supply me with a copy of what I assume is login.php, I will recode it and send it back to you so that it uses POST instead of the query string.

    To BHW members that use CF, please help to push securing our information.
    You wouldn't want your hard earned PPD money stolen by some script-kiddy with a packet sniffer.
     
  2. SocialMediaManager

    SocialMediaManager Elite Member

    Joined:
    Sep 20, 2012
    Messages:
    1,706
    Likes Received:
    746
    Occupation:
    Internet Marketing , Climbing
    Location:
    Dubai
    Read all those CL Password hacked threads :D
     
  3. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,632
    Likes Received:
    2,384
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    Why should they purchase a SSL certificate?

    Its much more logical to demand that they use SSL with self signed certificate. Then demand from major browsers to remove that ugly warning message that you get when your certificate is self signed.
     
    • Thanks Thanks x 1
  4. keytenx

    keytenx Supreme Member

    Joined:
    Sep 18, 2011
    Messages:
    1,254
    Likes Received:
    762
    Occupation:
    Freelance SEO / Link Builder
    Location:
    10°45'N - 122°33'E
  5. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,649
    Likes Received:
    3,494
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Royserpa
    Home Page:
    OP, you said exactly the stuff I first noticed when joining CF.

    That's what has been keeping me away from CF :D
     
  6. Fryyy

    Fryyy Newbie

    Joined:
    Aug 21, 2013
    Messages:
    26
    Likes Received:
    15
    You have a point, to an extent.
    They would never remove them though.
    If I thought they would, I wouldn't bother purchasing SSL myself, I'd self-sign instead but sadly it is what it is.

     
  7. gaabrielz

    gaabrielz Registered Member

    Joined:
    Nov 17, 2008
    Messages:
    60
    Likes Received:
    35
    Occupation:
    Application Developer
    Location:
    Canada
    I have to agree,
     
  8. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,903
    Likes Received:
    7,492
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    This is a great comment. I don't trust a godaddy seal any more than I trust jon doe. The only purpose to SSL is to encrypt your traffic, those identities given in certificates are about as trustworthy as facebook profiles.
     
    • Thanks Thanks x 1
  9. Sombees

    Sombees Newbie

    Joined:
    Feb 24, 2013
    Messages:
    43
    Likes Received:
    9
    I guess not much you can do now except make sure you know who uses your computer..
     
  10. powerman123

    powerman123 Registered Member

    Joined:
    Apr 18, 2013
    Messages:
    50
    Likes Received:
    13
    I did not know cleanfiles wasnt secure