Description of Problem: Both the /join process as well as simply logging into the site should be done via SSL, as otherwise it is quite easy to sniff the packets, thus retrieving both the username and password of the user. How Reproducible: Steps to Reproduce: 1. 2. 3. Actual Results: Expected Results: Additional Information:
Still an issue.
Yep, still there.
This solution depends on a resolution to the issue of what to do with banner ads when a user is on ssl. In talking with Rob Byars and Aragorn we decided that no doubleclick ads would be displayed when people were using ssl. When the component for this is built, we should be able to move back to using ssl for login and once logged in.