ranger1 (ranger1) wrote in suggestions,

secure login using https


Short, concise description of the idea
When I log in, my account and password are sent insecurely (as cleartext http) over the network. If feasible, could LJ use a more secure method for logins (https)?

Full description of the idea
An example from another site that uses cookie-based authentication: login.yahoo.com. The default is an insecure login (perhaps in deference to users with non-SSL-enabled browsers). But they allow secure login by clicking the "Secure" link on the page.

An ordered list of benefits

  • Better security
  • Less time dealing with compromised accounts (hopefully)

An ordered list of problems/issues involved

  • Might not integrate well with how LJ is architected or coded (?)
  • When you're not logged in, there's a small "login" form at the top of nearly every page on LiveJournal. I've noticed that sites which use https logins often deliver the login page *itself* via https. This could mean that if the mini "login" form is to remain ubiquitous throughout LJ, then all those pages would have to be sent to the user via https instead of http. This would effectively limit LJ users to using SSL-capable browsers.

An organized list, or a few short paragraphs detailing suggestions for implementation

  • (None, sorry. This seems heavily dependent on the innards of LJ, which I'm not familiar with.)

Tags: security, § implemented