posted on May 25, 2001 10:25:25 PM new
I was just looking at the page source code of the new sell page once logged in and noticed my id and password was in the page source, in plain text. How secure is this?
posted on May 25, 2001 11:11:19 PM new
well, so what? if you have to be logged in to see the password in your source, then anyone who could see it already knows the password because they need it to log in.
if they aren't logged in it won't show up in your source.
if you're planning to use a public terminal and log in, then walk away, then you have problems but they ain't coming from somebody looking at the source code! more like somebody sitting down after you and typing something in---if they even knew how to do that.
posted on May 25, 2001 11:16:21 PM new
Can someone intercept this information while it's sent on the web or is it sent encrypted? This is one area I'm not too familiar with. I notice credit card information is sent on SSL servers (https) instead of regular servers. Since eBay id's and passwords are used to bid on items, sell, send feedback and all the rest wouldn't it be safer for the passwords to be encrypted in some way? Or is this just OK the way it is?
posted on May 26, 2001 02:32:50 AM newAnonymousCoward
I had read somewhere, I can't remember which news source right now, that not all parts of Ebay used a SSL to enter your password.
The best way to sign in, is go to the top of the page where it says sign in, and underneath where you put your user name and password, there is a "use SSL to sign in"
When you click on that, it will bring you to the SSL sign in.
