EmailDiscussions.com - View Single Post

elvey · 30 Aug 2020, 04:21 AM

For some reason, this forum (EMD) remains vulnerable to this.
Even if I specify HTTPs when coming here, I find the connection switches over to HTTP.
For example, if I click on "New Posts", I arrive at an insecure page, even though the link is to https://emaildiscussions.com/search.php?do=getnew.

Enabling HSTS would fix the security problem, but I guess/recall Edwin is inactive, and it would impact usability.

30 Aug 2020, 04:21 AM	#5
elvey The "e" in e-mail Join Date: Jan 2002 Location: San Francisco Posts: 2,458	For some reason, this forum (EMD) remains vulnerable to this. Even if I specify HTTPs when coming here, I find the connection switches over to HTTP. For example, if I click on "New Posts", I arrive at an insecure page, even though the link is to https://emaildiscussions.com/search.php?do=getnew. Enabling HSTS would fix the security problem, but I guess/recall Edwin is inactive, and it would impact usability.