Taxis and security
It is quite encouraging that citizens taxed in Greece are able to file their tax reports through the Web, at the Taxis Website. Sadly, it has been reported that standard-compliant Web browsers are not supported by the Taxis Website. If you are affected, do complain about it! If you file taxes and you are affected, file a report.
Let’s see some more issues.
A. The main login page is not configured properly with regards to the autocomplete feature found in modern browsers; as is, your username and password get saved by default in your browser. If your computer is stolen or a trojan horse gets installed on your computer, your tax details are gone! 🙁
The Web developer should modify the HTML code from
< span class=“textblue2″>< b>user name: b>span> < input type=“text” name=“username” maxlength=“40″ size=“15″ value=“testing”> < P>< span class=“textblue2″>< B>password:B>span> < input type=“password” name=“password” maxlength=“40″ size=“17″ value=“testing”>
< span class=“textblue2″>< b>user name: b>span> < input type=“text” name=“username” autocomplete=“off” maxlength=“40″...
< P>< span class=“textblue2″>< B>password:B>span> < input type=“password” name=“password” autocomplete=“off” maxlength=“40″...
B. The page http://webtax.gsis.gr/taxisnet/login.do claims that users are protected by Verisign (SSL/TLS). Quite sadly, the intent has probably been that users will connect through the proper URL, at https://webtax.gsis.gr/taxisnet/login.do. Dear Taxis, you should place an HTTP redirection to move all users to the SSL/TLS-protected URL. You are in breach of your Verisign license!
I will follow on the above report here.
Actually, it would be much better if the web server is SSL/TLS only (no plain HTTP version available). The web server should be configured at any access to a URL under http://webtax.gsis.gr/… should redirect to https://webtax.gsis.gr/.
C. What is worst of all, the website provides content in the 8859-7 8-bit legacy encoding. It is much better to convert to Unicode and UTF-8. I do not know if users have to write text in Greek for their tax forms…
I don’t file taxes so I am not sure if there are more issues once you logon.
Update: The http://webtax.gsis.gr/taxisnet/login.do URL does not work anymore (it forwards to another Website which is down). I did not hear back from Verisign; it’s possible that the two events are linked together.