brianmaas 2 Posted June 25, 2008 Share Posted June 25, 2008 I just upgraded to a premium account. The main reason was to get SSL encryption working all the time on the web and my iphone. It doesn't seem to be forcing SSL after my logon. I can switch the url to https after I log in, but data has already passed by unencrypted. I was thinking that upgrading to premium would lock in the SSL. Is there a known issue at the moment preventing this, or is this the way it was designed to work?Also, I'm assuming that the communications between my windows client and evernote.com is now secure. Is it and how can I test it?Brian Link to comment
engberg 89 Posted June 25, 2008 Share Posted June 25, 2008 Some of the links that lead to the log in page don't use SSL, which is a mistake. As discussed in this thread, the actual login form itself submits via SSL (so your password isn't being transmitted unencrypted), but the page doesn't show this:viewtopic.php?f=30&t=6733We plan to fix this soon.There isn't really an easy way to absolutely confirm that the client is using SSL unless you are willing to install a "packet analyzer" on your computer that can look at the data going back and forth. For example, on the Mac, you could install:http://www.tastycocoabytes.com/cpa/index.phpUsing this, you could confirm that when you add a note and then sync, it only communicates on the SSL ports (443), and not plain HTTP ports (80), and that the contents of the packets don't contain legible note content.Our QA team tests with packet sniffers internally to confirm that the clients are using SSL correctly, but I realize that there isn't a very "consumer friendly" way to confirm this. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.