That's basically what we are going to have to do. There will be trade-offs (carving time out of our roadmap, etc.) and it's going to be a PITA, but our space is one where some moron is going to sniff out a bunch of logins at a conference and pull some epic trolling and we'll have to spend time deleting the crap.
It's a shame that we can't go all SSL, but that's just the way it will have to be. The best we can do is make it difficult to hijack access to our tools that require elevated permissions.