cimentadaj
commented
6 years ago See https://github.com/cimentadaj/ess/commit/57656ffdcbac6e156752602009210238e7e9ea4f for the implementation.
Good suggestion, I had no idea of the difference between HTTPS and HTTP. Let me know if this is fine, to close the issue.
It looks like the package currently using insecure HTTP calls to authenticate the user, for example:
As well as in several other places. It appears the ESS website supports HTTPS, so it would be good to switch to that if possible. While an email address isn't exactly a super sensitive piece of data, users should be protected to the extent possible. If that's not possible, I would flag it explicitly in the README that this is passing the email address in the open.