Hi Mainstreet Affiliates Team,
I recently logged into my Mainstreet Affiliates account to check if there was any activity from the past traffic I had sent to you, and I noticed a pretty serious security issue. The username and password are being passed in the URL parameters (?afflogin=xxx&affPwd=xxx).
This is not only bad practice, but it also represents a serious security risk. Credentials can be stored in browser history and server logs. Login credentials should never be sent via URL parameters - instead, they should be transmitted securely via POST requests over HTTPS.
I just noticed this now, not sure how long it has been going on, but this clearly puts affiliates at risk - could you please check this with your dev team ASAP?
Just wanted to flag this for the community and the team, so everyone is aware and it can be addressed.
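The server-log exposure described in the post above, as an added example that is not part of the original post and is not Mainstreet Affiliates' code: a Python scan that flags access-log request lines carrying the `afflogin` / `affPwd` parameters and returns them with the values redacted. The combined log format, the `/login` path and every sample value are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names quoted in the post, compared case-insensitively.
SENSITIVE = {"afflogin", "affpwd"}

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, names_of_sensitive_params_found)."""
    parts = urlsplit(target)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return target, []  # leave clean request targets byte-for-byte unchanged
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scan(lines):
    """Return (line_number, redacted_line, param_names) for lines exposing credentials."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        redacted, found = redact_target(m.group("target"))
        if found:
            safe = line[:m.start("target")] + redacted + line[m.end("target"):]
            hits.append((n, safe, found))
    return hits

# Constructed sample log lines: path, addresses and values are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /login?afflogin=alice&affPwd=s3cret%21 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Jan/2025:10:01:00 +0000] "GET /stats?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, line, names in scan(SAMPLE_LOG):
        print(f"line {n}: exposes {names}\n  {line}")
```

The POST line in the sample shows why the post's recommendation helps: a form body is not part of the request line, so nothing credential-bearing reaches this log field.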






