

Is Twitch login insecure? It doesn't use https. - lanadelrey
http://www.twitch.tv/login

======
lanadelrey
I was able to sniff out my session id, however it can't be set by javascript
since it's httponly. But what about the password? I haven't found it in plain
text, so I guess it could be hashed? I'm a developer, but this is my first
time dabbling with this kind of stuff...

------
byoung2
The form is submitted to [https://secure.twitch.tv](https://secure.twitch.tv)
so it should be secure in transit, but they should just make the form use
https as well.

~~~
lanadelrey
Ahhhh that makes sense. I was incorrect in assuming the entire page had to be
https. I'm sure google will change this quick, with google+ and all.

