Unable to Sign In to api.Biblia.com - Page just reloads

Page 1 of 1 (7 items)
This post has 6 Replies | 3 Followers

Posts 41
Preston Davis | Forum Activity | Posted: Wed, Aug 25 2010 7:34 PM

Greetings,

 

So far I've been unable to even sign-in get an API key. The sign-in page just...reloads.

Please advise.

Preston

Posts 41
Preston Davis | Forum Activity | Replied: Wed, Aug 25 2010 7:35 PM

OK, just found out that this appears to have something to do with Firefox (ver. 3.6.8) on Win7 Home Premium 64bit. IE 8 Works just fine.

Sincerely,

Preston

Posts 408
LogosEmployee
Bryan Smith | Forum Activity | Replied: Thu, Aug 26 2010 1:40 PM

Thanks for the report, Preston. I'll check it out.

Posts 7
sparky46er | Forum Activity | Replied: Tue, Sep 14 2010 7:32 AM

It does not work for Firefox 3.6.8 on Max OS X 10.6.4.

I disabled all add-ons and plugins and still only got a login page refresh.

When I went to Safari - no problems -worked fine.

Posts 973
LogosEmployee
Dave Dunkin (Faithlife) | Forum Activity | Replied: Tue, Sep 14 2010 9:19 AM

Works for me with Firefox 3.6.9 on Mac. It may be a problem with 3.6.8.

Posts 7
sparky46er | Forum Activity | Replied: Tue, Sep 14 2010 11:17 AM

Thanks for the advice. After updating to 3.6.9, making sure Mac was up to date, bouncing, and trying again - I got nowhere. A little frustrated I started in safe mode and ran tcpdump to see if I could find any issues. None really.

I decided to run in "Private Browsing" mode (not that I am that type of guy...Wink ) and was able to get past the authentication screen. I backed out of "Private Browsing", blew out all my Cache, Cookies, etc. and restarted Firefox and was able to log in w/o using "Private Browsing".

So that issue is solved.

But - I noticed that login for the api is http, not https. I never see a call to port 443 in packet capture. This concerns me because the api uses the same credentials for logos.com and every other associated logos site.

As an information security engineer (I have my CISSP, and extensive ethical hacking background ), this seriously concerns me and would like to open a dialogue about the "why" that is being done. Should I open another thread in this forum, or is this more of a problem ticket?

Let me know - thanks.

Posts 7
sparky46er | Forum Activity | Replied: Tue, Sep 14 2010 11:26 AM

Update - you can point to https://api.biblia.com- but it's an untrusted certificate because it is only good for the *.logos.com domains. That's not a trustworthy way to perform ssl/tls. It is not an expensive endeavor to purchase a new cert for the *biblia.com domain to protect end user information. 

Page 1 of 1 (7 items) | RSS