[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-developers] Fwd: Website not secured

From: Simon MORLAT
Subject: Re: [Linphone-developers] Fwd: Website not secured
Date: Thu, 1 Dec 2016 12:04:57 +0100


Thank for you for noticing that the page free-sip-service.html was not served forcibly over https.
We just modified the apache configuration and our script and now it works over https.
The password choosed by users is stored in ha1 format in the database.
Best regards,


2016-11-30 17:18 GMT+01:00 Ovopack <address@hidden>:

I've just got the answer to my second question : NO!

A robot just sent me bask my password via mail... no serious!

-------- Forwarded Message --------
Subject: Website not secured
Date: Wed, 30 Nov 2016 17:14:44 +0100
From: Ovopack <address@hidden>
To: address@hidden

Hi the developper team.

After registering in your website to get a sip adress, i've been 
surprised to see that your website in not secured!

How can you accept to let the users subscribe to use Linphone (a good 
app that can use a crypto algorythm) if the connection to register in 
not even secured by SSL?

In your database, are the passwords hashed (SHA) or let in a visible way?

Because of this 2 points, some may says that there is no difference 
between Skype (as everybody know to be spy) and Linphone.

I let you check the attachement picture.

Otherwise, keep going, that a nice app!

Regards, Ovopack.

Linphone-developers mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]