HomeFeature Requests

Use this forum to ask for new features or suggest changes to the game.

HTTPS Support Messages in this topic - RSS

fermuch
fermuch
Posts: 1


8/6/2016
fermuch
fermuch
Posts: 1
Hello. I've been trying the beta of Baros of the Galaxy and it's great, but the only thing I feel bad about is the lack of HTTPS support.
I don't like the idea of my passwords going across the internet in plain text, so I'm suggesting to add SSL support.

With LetsEncrypt you can get a free SSL certificate, or even easier you could switch to CloudFlare DNS' and you'll also get some basic DDoS protection (also free).
0 link
CmrdRowen
CmrdRowen
Posts: 47


8/6/2016
CmrdRowen
CmrdRowen
Posts: 47
fermuch wrote:
I don't like the idea of my passwords going across the internet in plain text


Basic practice with passwords is to hash them before sending it to the server so that's not much a problem. But a packet sniffer would definitely get the http request and get your password in md5 format, not in plain text wink and that's if the guy is successful in catch it... And as you cannot directly reverse hashed password to original text, it will be more difficult to get it (not totally impossible, though, but it will certainly take time depending on how complex is your password).
0 link
Doctor Dread
Doctor Dread
Administrator
Posts: 1467


8/6/2016
Doctor Dread
Doctor Dread
Administrator
Posts: 1467
salting a one way hash of your password is what is stored on the server only protects your password if someone takes the database or gets into the machine. It doesn't stop them from logging in as you etc, they have the whole machine BUT even they will not actually be able to see your password and try your username PW combo on other sites. That ts what encrypting it on the server is for.

As fermuchis saying though, that offers no protection from you typing in your login password and hitting login on the webpage, you are SENDING it to the server in plain text where anyone who is sniffing the network can potentially see it. SSL Encryption protects that as it is sent encrypted from your machine tot he server.

SSL is something we plan to incorporate before launch, don't use your Bank of America login for the beta test please =)
0 link
Chojin
Chojin
Posts: 8


12/29/2016
Chojin
Chojin
Posts: 8
I support this idea too wink
0 link
Doctor Dread
Doctor Dread
Administrator
Posts: 1467


12/29/2016
Doctor Dread
Doctor Dread
Administrator
Posts: 1467
Chojin wrote:
I support this idea too wink


Its one of those things we plan to enable right before a launch. You should try to use your "burner" password for now =)
0 link
Razorix22
Razorix22
Posts: 13


12/21/2019
Razorix22
Razorix22
Posts: 13
Please excuse-me to dig up this topic, but any plan of implementing it ? smile
0 link
Doctor Dread
Doctor Dread
Administrator
Posts: 1467


12/26/2019
Doctor Dread
Doctor Dread
Administrator
Posts: 1467
Razorix22 wrote:
Please excuse-me to dig up this topic, but any plan of implementing it ? smile



There not only is a plan to implement it, the server itself already is running SSL on another website I control now. I plan on adding one here also soon I just haven't gotten to it yet.
0 link
unaltered
unaltered
Posts: 5


8/9/2020
unaltered
unaltered
Posts: 5
Hi,

New player - was honestly surprised to see a password field without HTTPS/SSL enabled. I would very much support this.
0 link
Doctor Dread
Doctor Dread
Administrator
Posts: 1467


8/11/2020
Doctor Dread
Doctor Dread
Administrator
Posts: 1467
This is a hot item I know. It'll come with other fixes when they happen
0 link






Powered by Jitbit Forum 8.3.8.0 © 2006-2013 Jitbit Software