cryogenic
Distinguished
[citation][nom]ThisIsMe[/nom]...Today Company X failed to imagine this one scenario that left users vulnerable when this one thing that COULD happen if some bad people ....[/citation]
Sending authentication tokens using plain HTTP, is not an imagination fail, it's a BIG EFING security fail. You learn this kind of stuff in the security kinder garden. Big fail Google! Big Fail sending authentication info on unsecured channels.
You really can't get any more basic than this when it comes to security, plain ans simple: don't send sensitive information over non secured channels.
Sending authentication tokens using plain HTTP, is not an imagination fail, it's a BIG EFING security fail. You learn this kind of stuff in the security kinder garden. Big fail Google! Big Fail sending authentication info on unsecured channels.
You really can't get any more basic than this when it comes to security, plain ans simple: don't send sensitive information over non secured channels.