Close but no Cigar

I recently observed what I consider to be a programming oversight in an otherwise acceptable service. I am referring to Nairahost (www.nairahost.com).

They provide reasonably priced services and a convenient means of payment for us Nigerians. Granted, their hosting packages are not particularly competitive with what you obtain from companies in the US for instance, but they’re good enough, and I have nothing but praise for them.

The only thing which irks me about Nairahost is the fact that their client area (handles billing, and control panel) can sometimes embed your username and password in the URL. See image below or view http://nucco.org/nairahost.jpg :

Apparently, the developer thought that because the communication was taking place over SSL, then it was safe to put the password in the URL. Almost harmless, except that there are firewalls, bandwidth managers etc out there, which can, and do log URLs, and you can’t even begin to count the number of machines between which traffic passes before it reaches your computer, which could be logging these URLs as well.

Now I’m scared about logging in to my Client Area, and worse, with these kinds of mishaps going un-fixed, and without even a reply after I raised a ticket with customer support, I am having doubts about moving my primary email account, or any other important thing for that matter to their servers.

Update: Seems like they’ve fixed the issue. Good going.

Random quote: In this world, nothing is certain but death and taxes. — Benjamin Franklin

Leave a Reply