1
Hi
Using XOOPS 2.0.18.2, the default login block is conducted over plain, unencrypted, http instead of https.
I know that XOOPS uses the PHP md5crypt() function for converting the string to an MD5 value for storage in the database.
Prior to the string arriving at the server though, the login form can be intercepted? So why is https not used by default for the login block, in the same was as it is for Yahoo and Hotmail logins?