BASE Online payment

October 22, 2009 Comments Off on BASE Online payment

UPDATE: problem is solved and you are no longer redirected to the sitestat website anymore with username and password in cleartext. You stay within the base environment and it’s secure all the way again.

Aangezien het om een erg kortstondig incident ging, zou ik het op prijs stellen dat u de info op uw blog ofwel verwijdert ofwel update met de bovenstaande info.

Bij deze… 😉
Consultez et PayezYesterday I tweeted these just before going to bed.

“Betaal uw BASE rekeningen niet meer online (onveilige procedure), please RT”
“Ne payez plus vos factures BASE online (procédure insécure), please RT”

A couple of words on why I sent out that bold statement.
When you’re on the Base Online homepage http://www.baseonline.be/fr/index.html (or the /nl/index.html), you’ll find the form entitled “Bekijk en betaal je factuur online” or “Consultez…”. If you fill out this form, you’ll be sent to the following URL.
http://be.sitestat.com/base/baseonline/s?app_login_EBP_nl&ns_type=clickout &ns_url=[https://www.baseonline.be/app/ebp/secure_login? j_username=phonenumber&j_password=xxxxxx]

Now I don’t have a problem so much with Base having their site monitored by sitestat, but does sitestat really need my username and password, and why does all that have to be sent in the URL ànd not via https?

Advertisements

Comments are closed.

What’s this?

You are currently reading BASE Online payment at plαdys.

meta

%d bloggers like this: