20 May 2005

Feedburner: What's worse than an error message?

An error message that auto-displays a password and sign-in ID in the URL!

Condition: Normal sign-in; IE 6.0


Error Message During Sign-In


Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@feedburner.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


---------------------------------------------

Apache Server at www.feedburner.com Port 443


Then I noticed this in the URL:


URL Displaying Sign-In and Password




https://www.feedburner.com/fb/a/loginSubmit?userId= [ OOPS ] &password= [ OOPS ]



Given the reality of spyware and desktop monitoring, I would prefer that the URL not contain a password; or if there is data shown, that it be encrypted; and that others using the same URL later will not be able to simply click on the link to read the access code.
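An added example, not part of the original post: a login submitted with the credentials in the query string, as in the URL above, is also written to the web server's access log by default, so this Python code flags such requests in a log and redacts the secret values. The sample log lines, the `SENSITIVE` name list and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed list of secret-bearing parameter names; "password" is the one in the post's URL.
SENSITIVE = {"password", "passwd", "pwd", "pass"}

# Request line inside an Apache common/combined log entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def sensitive_params(url):
    """Return the names of query parameters in url that look like secrets."""
    query = urlsplit(url).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE]

def redact_url(url):
    """Return url with the values of sensitive query parameters replaced."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def scan_access_log(lines):
    """Yield (line_number, method, redacted_target) for requests with secrets in the URL."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and sensitive_params(m["target"]):
            yield n, m["method"], redact_url(m["target"])

# Constructed sample log lines (not real FeedBurner logs); all values are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/May/2005:10:00:01 +0000] "GET /fb/a/loginSubmit?userId=alice&password=example-secret HTTP/1.1" 500 612',
    '192.0.2.10 - - [20/May/2005:10:00:05 +0000] "POST /fb/a/loginSubmit HTTP/1.1" 302 0',
    '192.0.2.11 - - [20/May/2005:10:01:00 +0000] "GET /fb/a/home?tab=feeds HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for n, method, target in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: {method} {target}")
```

Only the first sample line is reported; the POST to the same path carries nothing in the URL and is not flagged.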
