
Site security or lack thereof

Status
Not open for further replies.

HereFishyFishy

Bearded Dragon Egg
Messages
15
Hi guys,

As a computer programmer I would be remiss if I did not alert you to a few points about this site.
Having looked through its HTML, its divs and its PHP/HTML "POST" and "GET" requests (I'm sorry if this is too technical), I have to say this site is not secure at all; it would be extremely trivial for me to harvest ALL of the users' passwords and physical locations. I'm not trying to worry you, but it is true.

Take the term "POST" I used: this means whatever information you type in the password box is sent to the server hidden, but not secure, just hidden from plain view (and I'm not talking about the **** that obscures your password; that is just the client (web browser) looking at the HTML field settings). So this can be intercepted by any of the 1 to 5 million servers or computers it runs through to get to Tapatalk's (the site host's) server. There should be client and server SSL (Secure Sockets Layer); it is crazy that a website is not running HTTPS!

For fear of going off on a technical rant I will just say this: any information sent by HTTP and not HTTPS is INSECURE.
I am a hobbyist programmer; if an actual bad guy saw this, your personal information is up for grabs.

Example:

I pull up a user's username, type it in the login, I use a quick bit of know-how in the password box (I'll not share this here as it's not really good to feed people hacking tips) and log into your account.

I then pull up your session ID in my browser. I now have your cookie, I can now inject it into my own HTTP requests to the server, and I can now change your password, after viewing it of course.

I take your registration email and password to other sites (or, if I'm smart, I make a program to ping sites) using your email and password, I get onto Amazon and buy myself some lovely headphones to an address on your credit cards, and the whole plethora of other scenarios you can imagine.

Site security is a big deal; someone either needs to pay for an SSL license and start encrypting the site, or I'd suggest a move.

At the very least don't let your password here be anywhere else, same with your email address.

Thanks
 
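The post above raises two separate transport and session weaknesses: a login form submitted over plain HTTP, and a session cookie that can be replayed once captured. The following is an added example (not code from this thread or from the forum's own software): a small offline audit that parses a constructed HTTP response for a login page and reports the settings a site operator should fix, namely cleartext delivery of the form, a form action pointing at an `http://` URL, session cookies without `Secure` and `HttpOnly`, and a missing HSTS header. The hostname `forum.example`, the cookie name `sessionid` and both sample responses are constructed for the example.

```python
"""Offline audit of a login page's transport and cookie settings.

Added example: parses constructed HTTP responses (nothing is fetched) and
lists the weaknesses a reviewer would flag before recommending HTTPS.
"""
import re
from email.parser import HeaderParser
from urllib.parse import urlparse


def parse_response(raw: str):
    """Split raw HTTP/1.1 response text into (status_code, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_text = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = HeaderParser().parsestr(header_text)  # case-insensitive lookups
    return status, headers, body


def cookie_flags(set_cookie: str) -> set:
    """Return the lower-cased attribute names (path, secure, httponly, ...) of one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")[1:]]
    return {p.split("=", 1)[0].lower() for p in parts if p}


def audit_login_page(url: str, raw_response: str) -> list:
    """Return a list of findings (strings) for a login page fetched from `url`.

    An empty list means none of the checked weaknesses is present.
    """
    findings = []
    status, headers, body = parse_response(raw_response)
    scheme = urlparse(url).scheme

    if scheme == "http":
        location = headers.get("Location", "")
        if status in (301, 302, 307, 308) and location.startswith("https://"):
            # Cleartext request was redirected to HTTPS; audit that response instead.
            return []
        findings.append("login page served over plain HTTP: form data travels in cleartext")

    # An HTTPS page whose form posts to an http:// action leaks the password just the same.
    match = re.search(r'<form[^>]*action="([^"]*)"', body, re.I)
    if match and match.group(1).startswith("http://"):
        findings.append(f"login form posts to cleartext URL {match.group(1)}")

    for set_cookie in headers.get_all("Set-Cookie") or []:
        name = set_cookie.split("=", 1)[0].strip()
        flags = cookie_flags(set_cookie)
        if "secure" not in flags:
            findings.append(f"cookie {name} lacks Secure: it will also be sent over plain HTTP")
        if "httponly" not in flags:
            findings.append(f"cookie {name} lacks HttpOnly: readable by page scripts")

    if scheme == "https" and "Strict-Transport-Security" not in headers:
        findings.append("no Strict-Transport-Security header: browsers may still try plain HTTP first")
    return findings


# Constructed sample: the situation the post describes (plain HTTP, unflagged cookie).
INSECURE_URL = "http://forum.example/login"
INSECURE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=abc123; Path=/\r\n"
    "\r\n"
    '<form method="post" action="http://forum.example/login">'
    '<input name="user"><input type="password" name="pass"></form>'
)

# Constructed sample: the same page after moving to HTTPS with hardened cookies.
SECURE_URL = "https://forum.example/login"
SECURE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    '<form method="post" action="/login">'
    '<input name="user"><input type="password" name="pass"></form>'
)

if __name__ == "__main__":
    for url, response in ((INSECURE_URL, INSECURE_RESPONSE), (SECURE_URL, SECURE_RESPONSE)):
        print(url)
        for finding in audit_login_page(url, response) or ["no findings"]:
            print("  -", finding)
```

Run against the insecure sample it reports four findings (cleartext page, cleartext form action, and the session cookie missing both `Secure` and `HttpOnly`); the hardened sample reports none. The `Secure` flag is what stops a browser sending the session cookie over a plain HTTP request, and `HttpOnly` keeps it out of reach of page scripts, which is why adding HTTPS alone, without fixing the cookie attributes, leaves the replay problem from the post only half addressed.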

HereFishyFishy

Bearded Dragon Egg
Messages
15
The site is not hosted by Tapatalk; I got confused. Tapatalk is actually a section of code for phones accessing the site. It seems to be going through:

  • Hosting provider: Digital Ocean
  • IP Address: 107.170.109.75
  • Name Servers:
    • ns2.dnsmadeeasy.com
    • ns3.dnsmadeeasy.com
    • ns4.dnsmadeeasy.com
    • ns1.dnsmadeeasy.com
    • ns0.dnsmadeeasy.com
 

HereFishyFishy

Bearded Dragon Egg
Messages
15
Domain Name: BEARDEDDRAGONFORUM.COM
Registry Domain ID: 1420924560_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2015-03-13T18:13:47Z
Creation Date: 2008-03-12T13:18:35Z
Registrar Registration Expiration Date: 2016-03-12T13:18:35Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID:
Registrant Name: J Barraza
Registrant Organization: ExoticPetNetwork.com
Registrant Street: P.O. Box 7807
Registrant City: Redlands
Registrant State/Province: California
Registrant Postal Code: 92375
Registrant Country: United States
Registrant Phone: +1.9092556741
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:
Admin Name: J Barraza
Admin Organization: ExoticPetNetwork.com
Admin Street: P.O. Box 7807
Admin City: Redlands
Admin State/Province: California
Admin Postal Code: 92375
Admin Country: United States
Admin Phone: +1.9092556741
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID:
Tech Name: J Barraza
Tech Organization: ExoticPetNetwork.com
Tech Street: P.O. Box 7807
Tech City: Redlands
Tech State/Province: California
Tech Postal Code: 92375
Tech Country: United States
Tech Phone: +1.9092556741
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]
Name Server: NS0.DNSMADEEASY.COM
Name Server: NS1.DNSMADEEASY.COM
Name Server: NS2.DNSMADEEASY.COM
Name Server: NS3.DNSMADEEASY.COM
Name Server: NS4.DNSMADEEASY.COM
DNSSEC: unsigned
 

HereFishyFishy

Bearded Dragon Egg
Messages
15
PHP and JavaScript are also being passed and processed in the user-facing document. These should be limited in this area and pre-processed in a PHP render file so the HTML is dynamic and users can't see what's happening.
 