http://www.perlmonks.org?node_id=880200


in reply to Re^2: Requiring old password in order to change your password (https)
in thread Requiring old password in order to change your password

Thanks, that's one step in the right direction. Additionally, it would be great to consider (optionally) allowing https for all communications (not just logins) in your ongoing security review of the site. Some claim SSL/TLS is not computationally expensive any more, but that is of course subject to debate.

HTTPS Everywhere is getting a lot of traction, and the number of sites that support https "all the way" is large and growing. It would be great to add perlmonks.org to the list:

$ ls https-everywhere/src/chrome/content/rules/*.xml | wc -l
426
$ cd https-everywhere/src/chrome/content/rules/
$ ls *.xml
123-Reg.xml FrontlineDefenders.xml Pastebin.ca.xml
33Bits.xml Gandi.xml PayPal.xml
38.de.xml Gentoo.xml PCCaseGear.xml
3min.xml Getclicky.xml PCWorld.xml
4sevens.xml GetFirebug.xml PearsonVUE.xml
7chan.xml GiBlod.xml Ping.fm.xml
AA.xml Github.xml Pipex.xml
ABNAMRO.xml GlobeAndMail.xml PirateBay.xml
AboutMe.xml GMX.xml PirateParty.xml
AccessibilityNL.xml GoDaddy.xml Pivotaltracker.xml
AccessNow.xml GoogleAPIs.xml Pizzahut.xml
Adafruit.xml GoogleServices.xml Playboy.xml
Adbrite.xml Google.xml PlentyOfFish.xml
AddThis.xml GovernoPortugues.xml Plus.xml
Adobe.xml Gravatar.xml Pogo.xml
Afraid.org.xml Grepular.xml Postbank.xml
Aftenposten.xml Groupon.de.xml Postfinance.xml
AirshipVentures.xml GuardianProject.xml Privacybox.de.xml
Airtricity.xml Gulesider.xml PrivatePaste.xml
AliceDSL.xml Heroku.xml ProjectHoneypot.xml
Allegro.xml Hexagon.xml Proxify.xml
All-Inkl.xml hi5.xml QIP.xml
Amazon-off-by-default.xml HMV.xml Qualys.xml
AmericanExpress.xml Homebase.xml Quora.xml
AnPost.xml Hosts.xml Quorks.xml
Ansa.it.xml Hotfile.xml Qxl.xml
Apache.xml HSBC.xml Rabobank.xml
Apple.xml HTC.xml RAC.xml
Arch.xml Hungerhost.xml RadioShack.xml
Argos.xml HurricaneElectric.xml RandomOrg.xml
Assembla.xml Hushmail.xml RapidSSL.xml
Asterisk.xml Hustler.xml RCA.org.xml
ATBank.xml Hypovereinsbank.de.xml Reddit.xml
Autistici-Inventati.xml I2P.xml RedHat.xml
Bahn.de.xml ICMail.xml RememberTheMilk.xml
BankofAmerica.xml Identica.xml RFC-Editor.xml
Barclays.xml IdentityTheft.xml Riga.xml
BA.xml IEEE.xml Riseup.xml
Berlin.de.xml IETF.xml RoadRunner.xml
BerliOS.xml IFA.ch.xml Robeco.xml
BinRev.xml Indymedia.xml ROBOXchange.xml
BinSearch.xml Inschrijven.xml RoyalGovUK.xml
BitBucket.xml InterNetworX.xml RubyGems.xml
Bitly.xml Interpol.xml S3.xml
BlackNight.xml IrishBroadband.xml SafariBooksOnline.xml
Blekko.xml ISIS.xml Savannah.xml
BlockBuster.xml IsoHunt.xml SBB.xml
Bloglines.xml Ixquick.xml Schneier-on-Security.xml
Bluehost.xml JANET.xml Scroogle.xml
Boards.ie.xml Jansbrug.xml Secunia.xml
Bokelskere.xml Java.xml SecurityNL.xml
BookMyName.xml Joker.xml Sendmail.xml
Bothar.xml Jottit.xml SigmaBeauty.xml
BoxeeTV.xml JPGmag.xml SinnFein.xml
BoxUK.xml JuniperNetworks.xml Sipgate.xml
BrainBench.xml KabelDeutschland.xml SixApart.xml
Braunschweig.xml Kayak.xml Skandiabanken.xml
BroadbandReports.xml KDE.xml Slo-Tech.xml
btjunkie.xml KernelOrg.xml SlySoft.xml
BTunnel.xml KLM.xml Snagajob.xml
BT.xml Komplett.xml SNSBank.xml
Buckyballs.xml Lastminute.xml so36.net.xml
BufferedIO.xml LastPass.xml SouthernElectric.xml
BulkSMS.xml lawblog.de.xml SpamGourmet.xml
Bungie.xml LboroAcUk.xml Sparkfun.xml
CAcert.xml LensRentals.xml Spin.de.xml
CaceTech.xml LibraryThing.xml Springpad.xml
C-Base.xml LiftShare.xml Spyderco.xml
CCC.xml Linode.xml Srware.xml
CDT.xml Linux.com.xml StartCom.xml
Centos.xml LinuxFoundation.xml Statcounter.xml
CheckPoint.xml LinuxFR.xml Stevens.xml
ChillingEffects.xml LiveJournal.xml StumbleUpon.xml
Chronicle.xml Live.xml Swiss.xml
Cisco.xml LKML.xml Symbian.xml
Citizensinformation.ie.xml Loopt.xml Target.xml
CJ.xml LoveFilm.xml TAZ.xml
Cloudfront.xml LWN.xml Teamviewer.xml
comdirect.xml MacWorld.xml Teamxlink.xml
CommonDreams.xml Magento.xml TechCrunch.xml
CommuniGate.xml Magnatune.xml TheAA.xml
ComputerWorld.xml Magnet.ie.xml ThePrivacyBlog.xml
Continental.xml Mail.com.xml Three.xml
Couchsurfing.xml MapQuest.xml T-Mobile.xml
CPJ.xml Marxists.xml Todoist.xml
CPSC.xml Match.xml Todoly.xml
CreativeCommons.xml Maxmind.xml Tor2Web.xml
CTunnel.xml MayFirstPeopleLink.xml Torproject.xml
Daft.ie.xml Medikamente-Per-Klick.xml Torrentz.xml
Daily.xml Meebo.xml Trashmail.xml
DALnet.xml Mibbit.xml TweetDeck.xml
DealExtreme.xml Microsoft.xml Twitpic.xml
DebianLists.xml MijnING.xml Twitter.xml
DemocracyNow.xml Miles-and-more.xml Typepad.xml
Demonoid.xml Miranda-IM.xml UbuntuOne.xml
DepositProtection.xml ModSecurity.xml UiO.xml
Digitec.xml Moneybookers.xml Underskog.xml
Diskusjon.xml Mozdev.xml United.xml
Dittdistrikt.xml Mozilla.xml UNM.xml
DnBNor.xml Mpx.xml UOregon.xml
Dotster.xml MyCharity.ie.xml USPS.xml
Dreamwidth.xml My-Files.xml UsrJoy.xml
Dropbox.xml MyPoints.xml uTorrent.xml
DropDav.xml MyUHC.xml Verizon.xml
Drupal.xml MyWOT.xml VideoLAN.xml
DTunnel.xml NameCheap.xml Vimeo.xml
DuckDuckGo.xml NameCom.xml VirusTotal.xml
DVDFab.xml Names.xml Vitelity.xml
EasyNews.xml NationalArchivesGovUK.xml Vodafone.xml
EFF.xml NationalLottery.xml VolcanoEcigs.xml
Egg.xml Nederland.xml VolkswagenBank.xml
eHow.xml Netflix.xml Vonage.xml
Ehrensenf.xml Nettica.xml VTunnel.xml
EnergyStar.xml NetworkWorld.xml Vuze.xml
Enom.xml Netzpolitik.xml VZNetzwerke.xml
EPA.ie.xml Next.xml WashingtonPost.xml
EPEAT.xml NLG.xml Web.de.xml
Epson.xml NL-Politiek.xml WellsFargo.xml
Erowid.xml Noisebridge.xml Weltbild.xml
ESB.ie.xml Nokia.xml WestlandUtrecht.xml
ESISS.xml NottinghamAC.xml WhatCD.xml
Eventbrite.xml NTU.xml WhatIsMyIP.xml
Evernote.xml NYTimes.xml Wiggle.xml
EzineArticles.xml NZBIndex.xml Wikipedia.xml
EZTV.xml Olark.xml WinPcap.xml
Facebook.xml OneHub.xml Wippies.xml
Fastmail.xml Oomphme.xml Wireshark.xml
FAZ.xml OpenDNS.xml Woot.xml
FB-extra.xml OpenID.xml WordPress.xml
Fedora.xml Open-Mesh.xml WSWS.xml
Fefe.xml OpenSSL.xml Xing.xml
Feide.xml OpenStreetMap.xml xkcd.xml
FFMPEG.xml OpenVPN.xml Xmarks.xml
FiannaFail.xml Opera.xml XOSkins.com.xml
Finn.xml Orange.xml XS4ALL.xml
FiveTV.xml OverClockers.xml Yaha.xml
Flattr.xml Ovh.xml Yandex.xml
FluxBB.xml OxfamIrelandUnwrapped.xml YFrog.xml
Freelancer.xml OzBargain.xml Your-Freedom.xml
Freenet.xml Pandora.xml Zimbra.xml
Freitag.xml PassThePopcorn.xml Zoho.xml
Fridge.xml Passwordcard.xml ZTunnel.xml
$
--
No matter how great and destructive your problems may seem now, remember, you've probably only seen the tip of them. [1]
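The rule files listed in the post above are small XML documents built from a handful of elements (`target`, `rule`, `exclusion`, and optionally `securecookie`) that tell the browser extension which http URLs to rewrite to https. As an added example, not code from the original post and not the HTTPS Everywhere project's own, the Python below reads a hypothetical perlmonks.org ruleset written in that vocabulary and applies it to URLs. Everything about the perlmonks.org ruleset itself is an assumption (the post only asks for one to be written), including the `/legacy/` exclusion, which is there purely to show why rulesets carry escape hatches for paths a site cannot serve over https. The wildcard-target matching is a simplified approximation of the extension's behaviour, not a faithful reimplementation.

```python
"""Apply an HTTPS Everywhere style ruleset to URLs.

Added example, not from the original post or from HTTPS Everywhere itself.
The ruleset for perlmonks.org below is hypothetical; it only reuses the
element names (<target>, <rule>, <exclusion>) that the real rule files use.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed ruleset (assumption, not the project's). The <exclusion>
# models a path that is deliberately left on plain http; the <rule> uses a
# $1 backreference to preserve the optional "www." prefix.
PERLMONKS_RULESET = r"""
<ruleset name="PerlMonks (hypothetical)">
  <target host="perlmonks.org" />
  <target host="*.perlmonks.org" />
  <exclusion pattern="^http://(www\.)?perlmonks\.org/legacy/" />
  <rule from="^http://(www\.)?perlmonks\.org/" to="https://$1perlmonks.org/" />
</ruleset>
"""


class Ruleset:
    def __init__(self, xml_text):
        root = ET.fromstring(xml_text.strip())
        self.name = root.get("name")
        self.targets = [t.get("host") for t in root.findall("target")]
        self.exclusions = [re.compile(e.get("pattern")) for e in root.findall("exclusion")]
        # Rule files write backreferences JavaScript-style ($1); Python's
        # re.sub wants \1, so translate once when the ruleset is loaded.
        self.rules = [
            (re.compile(r.get("from")), re.sub(r"\$(\d+)", r"\\\1", r.get("to")))
            for r in root.findall("rule")
        ]

    def matches_target(self, host):
        """Simplified target matching: exact host, or '*.' suffix wildcard."""
        for t in self.targets:
            if t.startswith("*."):
                if host.endswith(t[1:]):
                    return True
            elif host == t:
                return True
        return False

    def rewrite(self, url):
        """Return the rewritten https URL, or the input unchanged if nothing applies."""
        host = urlsplit(url).hostname or ""
        # Target check first: the regex must never be tried against URLs whose
        # host is unrelated, even if the string happens to contain "perlmonks.org".
        if not self.matches_target(host):
            return url
        # Exclusions win over rules, mirroring how the extension treats them.
        if any(e.search(url) for e in self.exclusions):
            return url
        for pattern, replacement in self.rules:
            if pattern.search(url):
                return pattern.sub(replacement, url, count=1)
        return url


if __name__ == "__main__":
    rs = Ruleset(PERLMONKS_RULESET)
    for u in ("http://www.perlmonks.org/?node_id=880200",
              "http://perlmonks.org/",
              "http://www.perlmonks.org/legacy/old.html",
              "http://example.org/perlmonks.org/"):
        print(u, "->", rs.rewrite(u))
```

The order of the checks is the part worth copying: host-level targeting happens before any regex runs, and exclusions are consulted before rules, so a rule's `from` pattern can stay simple without accidentally rewriting URLs on other hosts.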

Re^4: Requiring old password in order to change your password (https)
by tye (Sage) on Jan 03, 2011 at 15:12 UTC

    Yes, allowing https always is on the list after web server performance mitigation is sustained.

    - tye        

Re^4: Requiring old password in order to change your password (https)
by Xilman (Hermit) on Jan 07, 2011 at 13:12 UTC

    Count me in. I strongly support the widespread use of https.