shinami576 Posted December 13, 2009 Share Posted December 13, 2009 I posted this here because the source is verified as html. What better place to ask this question than in the html section of the forums?This is the login page source for the web host I use. My user name and password were quite prominently displayed in the source. I don't understand much about website and login info security YET but if I could view this so easily...then, I can't help but worry about the security of my site. If someone gets my login info for the admin panel then I'm up the creek. Should I be worried about the security of my web host?NOTE:I did "edit" out my user name and password. Only an idiot would have left that sort of info there. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>Please Wait...</title> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta name="robots" content="no-follow"/></head><body onload="submitForm();"> <h1>Please Wait While we process your login</h1> <p>You should be automatically redirected to your control panel within a few moments.</p> <form method="post" action="https://cl74.justhost.com:2083/login/" id="loginform"> <input type="hidden" name="user" value="USER" /> <input type="hidden" name="login" value="USER" /> <input type="hidden" name="pass" value="PASS" /> <input type="submit" value="Click Here to Login if you are not automatically redirected in 10 seconds."/> </form> <script type="text/javascript"> function submitForm() { document.getElementById('loginform').submit(); } </script></body></html> Link to comment Share on other sites More sharing options...
Synook Posted December 13, 2009 Share Posted December 13, 2009 That just appears to be a redirection page - did you have to authenticate before reaching that stage? Link to comment Share on other sites More sharing options...
shinami576 Posted December 13, 2009 Author Share Posted December 13, 2009 The code listed in my OP is the page loaded AFTER I press the "login" button on the login page. So, as you said, it is a redirect page. By authentication, what do you mean? Link to comment Share on other sites More sharing options...
Synook Posted December 13, 2009 Share Posted December 13, 2009 Then it doesn't really matter, because you had to enter that information before it displayed it; for anyone else it would display their details. If that was sent over an unencrypted (i.e. not HTTPS) connection, then people could still intercept that information, but that holds true for any data sent, client to server, e.g. as form data, or server to client, in the response-body. Link to comment Share on other sites More sharing options...
shinami576 Posted December 13, 2009 Author Share Posted December 13, 2009 So what you're saying that if it was a "https" then the data is encrypted. So, there isn't a need to worry about what my web host has done with the page I put in a code box? Link to comment Share on other sites More sharing options...
Synook Posted December 13, 2009 Share Posted December 13, 2009 So, there isn't a need to worry about what my web host has done with the page I put in a code box?No, not really. Just check that your login form is where you think it is. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.