Hi Mainstreet Affiliates Team,
I recently logged into my Mainstreet Affiliates account to check if there was any activity from the past traffic I had sent to you, and I noticed a pretty serious security issue. The username and password are being passed in the URL parameters (?afflogin=xxx&affPwd=xxx).
This is not only bad practice, but it also represents a serious security risk. Credentials can be stored in browser history and server logs. Login credentials should never be sent via URL parameters — instead, they should be transmitted securely via POST requests over HTTPS.
I just noticed this now, not sure how long it has been going on, but this clearly puts affiliates at risk — could you please check this with your dev team ASAP?
Just wanted to flag this for the community and the team, so everyone is aware and it can be addressed.
I recently logged into my Mainstreet Affiliates account to check if there was any activity from the past traffic I had sent to you, and I noticed a pretty serious security issue. The username and password are being passed in the URL parameters (?afflogin=xxx&affPwd=xxx).
This is not only bad practice, but it also represents a serious security risk. Credentials can be stored in browser history and server logs. Login credentials should never be sent via URL parameters — instead, they should be transmitted securely via POST requests over HTTPS.
I just noticed this now, not sure how long it has been going on, but this clearly puts affiliates at risk — could you please check this with your dev team ASAP?
Just wanted to flag this for the community and the team, so everyone is aware and it can be addressed.
