[dayglored]

> SHA 256 recently implemented. Change your bookmark to HTTPS rather than HTTP. It is no longer clear text.

Excellent -- bookmarks to the login page are changed.

However, of necessity, the regular site pages -- including the forum main page "Latest Articles" -- are still using the insecure (HTTP) URL and link refs. So if I click a link to the forum main page, it's an insecure link. Then the question is, during the login negotiation where my browser (which saves my password) is queried by the server, and responds with my (saved) password, is -that- exchange done with SSL encryption. I'm guessing it is NOT.

Same for any URLs to threads that I copy from the address bar and paste into email to a friend.

Any insight?

[LesbianThespianGymnasticMidget]

Add the S. It is sitewide. Start from https://freerepublic.com/tag/*/index

Everything is SHA 256.

[rarestia]

The site connection over HTTPS (TCP 443) is secure. This ensures traffic (your whereabouts, post texts, etc.) are encrypted in transit. They’re viewable on the site, but the transmission cannot be tampered with.

The login FORM on https://freerepublic.com/perl/login is NOT secure. If I check the debugger on the site, I see three warnings:

http://freerepublic.com/l/common.css
http://freerepublic.com/l/common.js
Password field form action insecure

These three items need to be fixed in the HTML code in order to resolve this issue. Not sure if anyone has a line to Jim or John, but these are the only pieces left insecure that I can find.