Thanks, that's one step in the right direction. Additionally, it would be great to consider (optionally) allowing https for all communications (not just logins) in your on-going security review of the site. Some claim SSL/TLS is not computationally expensive any more but that is of course subject to debate.
Https everywhere is getting a lot of traction and the number of sites that support https "all the way" is large and growing. It would be great to add perlmonks.org to the list:
$ ls https-everywhere/src/chrome/content/rules/*.xml | wc -l
426
$ cd https-everywhere/src/chrome/content/rules/
$ ls *.xml
123-Reg.xml FrontlineDefenders.xml Pastebin.ca.xml
33Bits.xml Gandi.xml PayPal.xml
38.de.xml Gentoo.xml PCCaseGear.xml
3min.xml Getclicky.xml PCWorld.xml
4sevens.xml GetFirebug.xml PearsonVUE.xml
7chan.xml GiBlod.xml Ping.fm.xml
AA.xml Github.xml Pipex.xml
ABNAMRO.xml GlobeAndMail.xml PirateBay.xml
AboutMe.xml GMX.xml PirateParty.xml
AccessibilityNL.xml GoDaddy.xml Pivotaltracker.xml
AccessNow.xml GoogleAPIs.xml Pizzahut.xml
Adafruit.xml GoogleServices.xml Playboy.xml
Adbrite.xml Google.xml PlentyOfFish.xml
AddThis.xml GovernoPortugues.xml Plus.xml
Adobe.xml Gravatar.xml Pogo.xml
Afraid.org.xml Grepular.xml Postbank.xml
Aftenposten.xml Groupon.de.xml Postfinance.xml
AirshipVentures.xml GuardianProject.xml Privacybox.de.xml
Airtricity.xml Gulesider.xml PrivatePaste.xml
AliceDSL.xml Heroku.xml ProjectHoneypot.xml
Allegro.xml Hexagon.xml Proxify.xml
All-Inkl.xml hi5.xml QIP.xml
Amazon-off-by-default.xml HMV.xml Qualys.xml
AmericanExpress.xml Homebase.xml Quora.xml
AnPost.xml Hosts.xml Quorks.xml
Ansa.it.xml Hotfile.xml Qxl.xml
Apache.xml HSBC.xml Rabobank.xml
Apple.xml HTC.xml RAC.xml
Arch.xml Hungerhost.xml RadioShack.xml
Argos.xml HurricaneElectric.xml RandomOrg.xml
Assembla.xml Hushmail.xml RapidSSL.xml
Asterisk.xml Hustler.xml RCA.org.xml
ATBank.xml Hypovereinsbank.de.xml Reddit.xml
Autistici-Inventati.xml I2P.xml RedHat.xml
Bahn.de.xml ICMail.xml RememberTheMilk.xml
BankofAmerica.xml Identica.xml RFC-Editor.xml
Barclays.xml IdentityTheft.xml Riga.xml
BA.xml IEEE.xml Riseup.xml
Berlin.de.xml IETF.xml RoadRunner.xml
BerliOS.xml IFA.ch.xml Robeco.xml
BinRev.xml Indymedia.xml ROBOXchange.xml
BinSearch.xml Inschrijven.xml RoyalGovUK.xml
BitBucket.xml InterNetworX.xml RubyGems.xml
Bitly.xml Interpol.xml S3.xml
BlackNight.xml IrishBroadband.xml SafariBooksOnline.xml
Blekko.xml ISIS.xml Savannah.xml
BlockBuster.xml IsoHunt.xml SBB.xml
Bloglines.xml Ixquick.xml Schneier-on-Security.xml
Bluehost.xml JANET.xml Scroogle.xml
Boards.ie.xml Jansbrug.xml Secunia.xml
Bokelskere.xml Java.xml SecurityNL.xml
BookMyName.xml Joker.xml Sendmail.xml
Bothar.xml Jottit.xml SigmaBeauty.xml
BoxeeTV.xml JPGmag.xml SinnFein.xml
BoxUK.xml JuniperNetworks.xml Sipgate.xml
BrainBench.xml KabelDeutschland.xml SixApart.xml
Braunschweig.xml Kayak.xml Skandiabanken.xml
BroadbandReports.xml KDE.xml Slo-Tech.xml
btjunkie.xml KernelOrg.xml SlySoft.xml
BTunnel.xml KLM.xml Snagajob.xml
BT.xml Komplett.xml SNSBank.xml
Buckyballs.xml Lastminute.xml so36.net.xml
BufferedIO.xml LastPass.xml SouthernElectric.xml
BulkSMS.xml lawblog.de.xml SpamGourmet.xml
Bungie.xml LboroAcUk.xml Sparkfun.xml
CAcert.xml LensRentals.xml Spin.de.xml
CaceTech.xml LibraryThing.xml Springpad.xml
C-Base.xml LiftShare.xml Spyderco.xml
CCC.xml Linode.xml Srware.xml
CDT.xml Linux.com.xml StartCom.xml
Centos.xml LinuxFoundation.xml Statcounter.xml
CheckPoint.xml LinuxFR.xml Stevens.xml
ChillingEffects.xml LiveJournal.xml StumbleUpon.xml
Chronicle.xml Live.xml Swiss.xml
Cisco.xml LKML.xml Symbian.xml
Citizensinformation.ie.xml Loopt.xml Target.xml
CJ.xml LoveFilm.xml TAZ.xml
Cloudfront.xml LWN.xml Teamviewer.xml
comdirect.xml MacWorld.xml Teamxlink.xml
CommonDreams.xml Magento.xml TechCrunch.xml
CommuniGate.xml Magnatune.xml TheAA.xml
ComputerWorld.xml Magnet.ie.xml ThePrivacyBlog.xml
Continental.xml Mail.com.xml Three.xml
Couchsurfing.xml MapQuest.xml T-Mobile.xml
CPJ.xml Marxists.xml Todoist.xml
CPSC.xml Match.xml Todoly.xml
CreativeCommons.xml Maxmind.xml Tor2Web.xml
CTunnel.xml MayFirstPeopleLink.xml Torproject.xml
Daft.ie.xml Medikamente-Per-Klick.xml Torrentz.xml
Daily.xml Meebo.xml Trashmail.xml
DALnet.xml Mibbit.xml TweetDeck.xml
DealExtreme.xml Microsoft.xml Twitpic.xml
DebianLists.xml MijnING.xml Twitter.xml
DemocracyNow.xml Miles-and-more.xml Typepad.xml
Demonoid.xml Miranda-IM.xml UbuntuOne.xml
DepositProtection.xml ModSecurity.xml UiO.xml
Digitec.xml Moneybookers.xml Underskog.xml
Diskusjon.xml Mozdev.xml United.xml
Dittdistrikt.xml Mozilla.xml UNM.xml
DnBNor.xml Mpx.xml UOregon.xml
Dotster.xml MyCharity.ie.xml USPS.xml
Dreamwidth.xml My-Files.xml UsrJoy.xml
Dropbox.xml MyPoints.xml uTorrent.xml
DropDav.xml MyUHC.xml Verizon.xml
Drupal.xml MyWOT.xml VideoLAN.xml
DTunnel.xml NameCheap.xml Vimeo.xml
DuckDuckGo.xml NameCom.xml VirusTotal.xml
DVDFab.xml Names.xml Vitelity.xml
EasyNews.xml NationalArchivesGovUK.xml Vodafone.xml
EFF.xml NationalLottery.xml VolcanoEcigs.xml
Egg.xml Nederland.xml VolkswagenBank.xml
eHow.xml Netflix.xml Vonage.xml
Ehrensenf.xml Nettica.xml VTunnel.xml
EnergyStar.xml NetworkWorld.xml Vuze.xml
Enom.xml Netzpolitik.xml VZNetzwerke.xml
EPA.ie.xml Next.xml WashingtonPost.xml
EPEAT.xml NLG.xml Web.de.xml
Epson.xml NL-Politiek.xml WellsFargo.xml
Erowid.xml Noisebridge.xml Weltbild.xml
ESB.ie.xml Nokia.xml WestlandUtrecht.xml
ESISS.xml NottinghamAC.xml WhatCD.xml
Eventbrite.xml NTU.xml WhatIsMyIP.xml
Evernote.xml NYTimes.xml Wiggle.xml
EzineArticles.xml NZBIndex.xml Wikipedia.xml
EZTV.xml Olark.xml WinPcap.xml
Facebook.xml OneHub.xml Wippies.xml
Fastmail.xml Oomphme.xml Wireshark.xml
FAZ.xml OpenDNS.xml Woot.xml
FB-extra.xml OpenID.xml WordPress.xml
Fedora.xml Open-Mesh.xml WSWS.xml
Fefe.xml OpenSSL.xml Xing.xml
Feide.xml OpenStreetMap.xml xkcd.xml
FFMPEG.xml OpenVPN.xml Xmarks.xml
FiannaFail.xml Opera.xml XOSkins.com.xml
Finn.xml Orange.xml XS4ALL.xml
FiveTV.xml OverClockers.xml Yaha.xml
Flattr.xml Ovh.xml Yandex.xml
FluxBB.xml OxfamIrelandUnwrapped.xml YFrog.xml
Freelancer.xml OzBargain.xml Your-Freedom.xml
Freenet.xml Pandora.xml Zimbra.xml
Freitag.xml PassThePopcorn.xml Zoho.xml
Fridge.xml Passwordcard.xml ZTunnel.xml
$
--
No matter how great and destructive your problems may seem now, remember, you've probably only seen the tip of them. [1]