Use this forum to ask for new features or suggest changes to the game.
SSL Please
Mkoopajr Posts: 2
12/11/2017
|
So I've been playing the game for a little bit now and would love to support it. Can we get some SSL encryption on this site though? It's free with Lets Encrypt, just google it. Setup and everything is super simple.
|
|
0
link
|
Doctor Dread Administrator Posts: 1478
12/11/2017
|
Mkoopajr wrote:
So I've been playing the game for a little bit now and would love to support it. Can we get some SSL encryption on this site though? It's free with Lets Encrypt, just google it. Setup and everything is super simple.
SSL is something I've looked into already just haven't bothered implementing it yet. Is it just the Login you're afraid of? The payment system is done through PayPal not me, I never get anything about your payment information if thats what scaring you.
|
|
0
link
|
Mkoopajr Posts: 2
12/11/2017
|
It's a little bit of all the above. Using paypal helps with the payment thing, not reusing passwords for different things helps with the login issue, but that information is still transferred over the wire. I haven't looked into the information stored in your cookies or how you handle those, but if someone were to intercept the information gleaned could still open attack vectors on their other accounts, or (god forbid) they are reusing their password. For something that is now free and relatively easy to setup I can't justify any reason why it wouldn't be used anytime there is a login functionality on a website. It also opens up your server to attack vectors, intercepting the data over the wire if it's not encrypted they could change the information.
|
|
0
link
|
Wreith42 Posts: 58
12/12/2017
|
For what it's worth, I agree that this should be done relatively soon. I'm not saying it will prevent me from becoming a supporter soon (yay paypal), but it is disconcerting that something so basic for any site handling money in any way hasn't been done.
|
|
0
link
|
KarmicKoala Posts: 4
12/12/2017
|
I recently became a subscriber, I plan on continuing my subscription. While it didn't keep me away, it might give some less savvy people pause. When you navigate to the site on Chrome it might spit some jargon about the connection being insecure and that information might be stolen. So I think there is some merit in adding SSL in that it might help bring in new players.
|
|
0
link
|