Stop login credentials being sent insecure (non-SSL)


Why is knack allowed to serve login pages over non-SSL connections? Doesn't this fly in the face of basic data security?

Clearly some users are going to use the same password for a knack account as for other accounts (e.g their login email) and therefore their credentials can be easily compromised in transit.

We need to be able to force redirect to the https:// login pages, always, on server side.