Quote:
Originally Posted by Beastie
Probably not, but it would still be preferable to encrypt the log in process/cookie data.
|
With an unencrypted connection it's easier for an interloper to do an MITM exploit - and transmit malware, etc. Really, it's not even an exploit of any consequence when the stream is http - pretty easy. It doesn't seem to me that it'd be much more of a maintenance issue to add the secure https server to the site.
I come here occasionally because NetBSD doesn't really have a forum of its own. But I always think to myself when I visit, "Oops, I'm going to be http again."