foreclojure-android
foreclojure-android copied to clipboard
Security: Password sent in the clear
In api/login, password and username are sent to the server in plaintext via http (unencrypted).
This could be improved by using https instead to establish a secure channel. Otherwise, please at least let the user know about this fact unmistakably on the login page.
Thanks!