The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

    • RT @michaelbolton: 1) Your periodic reminder: a test is not something we *write*. We write text and programs. A test is an experiment you *… 31 minutes ago
    • RT @BiancaPrins: Voor ons allemaal, een #draadje om tot het einde te lezen..... Juist nu (Volgt nog meer in de komende dagen)… 32 minutes ago
    • RT @McKayMSmith: 90) His entire life, Ben has chosen to place his faith in the law. “Law, not war” has been his motto for decades. “I hav… 32 minutes ago
    • RT @McKayMSmith: 82) “It's possible to take the most fundamental, strongly held ideas and change them. What makes people change? Sometimes… 34 minutes ago
    • RT @McKayMSmith: 65) “Now I will tell you something very profound, which I have learned after many years. War makes murderers out of otherw… 36 minutes ago
  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,640 other followers

QC does this logon call to

Posted by jpluimers on 2017/06/09

I drafted this in 2014 and given the recent QC news:

I was quite shocked to see that the Embarcadero QC client logs in over HTTP, not over HTTPS, especially since it passes the password in plain text.

QC does this logon call to

Time to cut down on my usage of QC.


via: QC does this logon call to

3 Responses to “QC does this logon call to”

  1. Jeffrey Dyer said

    Do you really use the same login details for your online banking and Embarcadero account?

    • jpluimers said

      I don’t. But the EDN account has all your product license information attached to it.

      It isn’t rocked science to put an internal site behind TLS either: encapsulates my (non TLS) ContinuaCI site.

      Such a solution is common practice in IT infrastructure called TLS/SSL offloading/acceleration/termination.

      If a company cannot or does not want to provide TLS/SSL for credentials, it is a clear admission of their IT incompetence.

      In their current state, it’s just a matter of time until they get a GPDR fine (see the comment by KMorwath in this thread and

      • Jeffrey Dyer said

        “I don’t. But the EDN account has all your product license information attached to it.”

        Good point.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: