I brought this up a couple of years ago already, but nothing seems to have changed. Did anybody notice the lack of HTTPS over the entire backend of Zenfolio (that is, the Zenfolio interface of the Edit/Customize View)?
Nobody thinks this is maybe a serious neglect?
There is a reason why even the most notorious sites (Google, Facebook, etc.) have meanwhile fully integrated and defaulted to HTTPS as the standard for browsing and using their services.
Imagine: you log in to your Zenfolio account through a public Wi-Fi network. Most of these networks will be unencrypted. (And I bet most of the Zenfolio users, let alone their customers, do not [want to] know a thing about this.) Your login and Zenfolio traffic can be easily captured by anybody in the same network – because Zenfolio still hasn't got HTTPS in place. This is not a fairy tale – but it is an actual threat to your account and your data (source images).
In combination with the lack of a strong two-way authentication on the Zenfolio system, the slack approach of Zenfolio to securing Zenfolio accounts asks for trouble: the likelihood of a hijacked account increases because of the lack of these basic security features. It is your source images we are talking about here.
Or: A client logs in to a gallery and does so via a public network. Same problem: the login page is not secured. The login is fairly easy to capture.
What we see instead is a wild patchwork of pages of the Zenfolio backend interface that work through HTTPS, like initially calling up your Edit view this way:
The interesting thing here is: The Zenfolio backend actually has been working through HTTPS for years now. Technically, there seems to be no reason not to fix all those hard-coded links to unsecured HTTP pages and functions that populate the interface of the backend.