I recently had a penetration test done on a website that came back great results, but the staging server came back with some flags.
The provider’s staging environment is using HTTPS, but its showing as not secure when you’re typing in the Basic Authorization Login/Pass to view the staging website. I’ve submitted the issue to support and they said “Use a really long password”, but if its HTTP, it would still be not safe?
I’m not sure if I’m allowed to list the provider here, but they do a lot of CLOUD things and have come a long WAY.
Anyone with a better grasp of security know if this is anything to be worried about?
View Reddit by nw-web-design – View Source