doing that from the other end of the internet is not trivial

Depends if your room mate is as knowledgeable and careful as you are. If I can infiltrate his machine -- or any of the other 250 on your local subnet -- I can monitor your traffic.

For a site that has the claimed and demonstrated website expertise as this place; "the framework doesn't allow for this" is a pathetic excuse.

A secure login doesn't have to be a part of the "framework"; it could be a completely standalone process that sets a flag somewhere accessible from the framework.

That's all it would take! (That is doesn't exist, is pathetic!)

I have to agree with BrowserUK here...

What's preventing us from using SSL? Is it the cost? Of what? The certificate, or the implementation of one?

The bigger issue... what about adding in a 'plugin' or 'layer' to when you first hit PM to do auth?

I've never looked at the PM code before, but I will after my current project is completed (ie. stable for public use). I've been working on a bunch of auth scenario-type stuff at $work lately (in Python, not Perl), but perhaps we could come up with enough people to form a task force of some sort to resolve this issue.

The ease of implementation of course would be determined by how deeply the existing code relies upon the mechanism(s) we now have.

What's preventing us from using SSL? Is it the cost? Of what? The certificate, or the implementation of one?

The reason for everything is gods

FWIW, I can go to https://perlmonks.org and login, sure its for/with pair.com certificate, but it "works"

but perhaps we could come up with enough people to form a task force of some sort to resolve this issue....

Hahaha a newborn noob, naive ** naive