I'm trying to setup a Salesforce Site that will enable a user to create new Customer Portal user accounts and to login using those accounts.  My question is:  During registration and login, how can I ensure that passwords are not sent across the Internet in plain text?

Hi all,

I have a VF Page called SiteLogin which includes a component called SiteLogin.

The component is tied to a controller named SiteLoginController.

Now, when I type in my username and password in the form (component) and hit the login button all is well and I'm logged in.

I've tried to build a bit further on this controller so that in the constructor of the controller checks the URL parameters. If a username and password is found the login method is called. This also works as intended but I get the following error message back:

Error:This form must be secure. Use the 'forceSSL' attribute and set it to 'true.'

In the form-tag of the SiteLogin Component forceSSL is set to true. As a bit of additional info I can mention that Setup --> Develop --> Site --> Login Settings --> Require Non-Secure Connections (HTTP) is unchecked.

The same goes for Setup --> Security Controls --> Seesion Settings --> Require secure connections (HTTPS). So, this is also unchecked.

Checking either one of them didn't solve the problem for me.

If someone can tell me why (and how to go around this error) I would really appreciate it.

Thanks.

/Søren Nødskov Hansen