Hosting OnNet



  • Just tried to log in to Hosting OnNet's control panel to work on a friend's webpage.  Yeah, we've seen this too many times; I'm just venting because this pisses me off.








  • The Real WTF is that your password is too short.

    SCNR



  • [quote user="OpBaI"]The Real WTF is that your password is too short.

    SCNR[/quote]

    Completely missing the fact that it's being sent in the query string instead of with a POST request!

     



  • [quote user="Casiotone"]

    [quote user="OpBaI"]The Real WTF is that your password is too short.

    SCNR[/quote]

    Completely missing the fact that it's being sent in the query string instead of with a POST request!

     Well, at least it IS https, but still you're right.  WTF?
     

    [/quote]



  • HTTPS or not, what happens if someone's watching over your shoulder, if you bookmark in without thinking, someone reads your history, or any other number of ways that it can be read. I'll bet as well that the textbox for entering your password is starred, despite that they show it cleartext later on.

     

    There's just no excuse for doing that.



  • The Real WTF is the opening poster's Firefox theme.



  • [quote user="jesuswaffle"]The Real WTF is the opening poster's Firefox theme.
    [/quote]

    Psst, there are browsers other than Firefox you know.



  • Indeed. The error page is from Opera. (Your Opera link is messed up, by the way. You need to add http: or the browser will read it as a relative link like http://thedailywtf.com/forums/www.opera.com. Try http://www.opera.com)

     


    By the way, does SSL encrypt the URL too? Otherwise, the whole https thing is pretty darn pointless...
     



  • [quote user="Arancaytar"]By the way, does SSL encrypt the URL too? Otherwise, the whole https thing is pretty darn pointless...[/quote]

     Yes, I think so. So at least this WTF is only vulnerable to people who are actually on your computer (in person or via a virus), not to packet sniffing. But it's still pretty big!
     


Log in to reply