Use https for CAPTCHAs
jasonabc - August 21, 2009 - 22:17
| Project: | Mollom |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | postponed |
Jump to:
Description
This is really bad - login *has* to be done over https:// because the users password is being transmitted. But browsers complain that the CAPATCHA is pulled in over http:// only so throws an alert!! Doesn't look terribly professional. This is a showstopper for me. Please fix this asap!
#1
As it says on http://mollom.com/faq/does-mollom-support-ssl, this could be added eventually. I don't have any control over the Mollom servers, just the Drupal module. Marking as postponed for now.
#2
thanks Dave - yeah good point - sorry for the rant in the wrong place! Hopefully someone over there will get this sorted.
thanks!
Jason
#3
just a footnote to this - I also noticed that Internet Explorer 8 goes one further and pops open a dialog box telling the user some content on the page is not being transmitted securely and asks if they only want to see the secure content. If they click "yes" - the CAPTCHA image is not displayed meaning customers are unable to create accounts... Have emailed them (again) so hopefully this will be resolved/fixed soon.
cheers
J
#4
Same problem.
I have an https site. The link on the mollom capcha picture is to http. This is always going to give an "insecure..." popup on internet explorer.
I went to where the mollom picture was pointing, http://mollom.com/, and typed in https://mollom.com/ - there was no page there. I thought I'd give that a shot, because that's how I solved a similar problem with a paypal button.
I hate to do it, but I'm going to disable mollom.