The Mana World Forums

Feel the mana power growing inside you!
https://forums.themanaworld.org/

SSL for Forum

https://forums.themanaworld.org/viewtopic.php?t=13287

Page 1 of 1

SSL for Forum

Posted: 03 Jul 2011, 22:00
by EchoLynx
I highly recommend using SSL for the forum. In fact, I highly recommend using SSL for the transmission of all user credentials. Too many people use a single password for all their accounts, and in these cases it only takes one unsecured board for a whole internet identity to be hijacked. Sure, people should be more aware of where they put their information, but considering we are building a game, we cannot assume the user will posses that awareness.

Re: SSL for Forum

Posted: 04 Jul 2011, 00:53
by o11c
I agree, and I remember reading that it's not hard to set up.

As a security-conscious person, I use a different password for everything. That being said, I really just assumed that the website did the right thing, which I should not. (/me gripes about chromium not being as distinct as firefox with https: vs http: urls)

It is not feasible to encrypt the in-game password at this time.

SSL Certificate

Posted: 04 Jul 2011, 12:35
by EchoLynx
That said, I think their might be some cost involved. I have never set up a website with SSL before, but I think it needs to be digitally signed by a trusted authority, and I think they charge for the service.

*does quick research*

Then again, they may not: http://www.comodo.com/business-security ... ee-ssl.php

Re: SSL for Forum

Posted: 16 Jul 2011, 19:23
by Platyna
The network, the server and the forum are under my administration. Yes, many users use one password for everything, and SSL will not help them anyway. Using SSL for a public forums is pointless.

Regards.

Re: SSL for Forum

Posted: 23 Jul 2011, 09:34
by Crush
The web would be a better and much safer place when everyone would use just https instead of http. A self-signed certificate doesn't prevent men-in-the-middle attacks where the attacker can change the transmission, but it does allow encryption which prevents passive eavesdropping which is better than nothing.

But unfortunately there are some technical difficulties with https which prevent widespread use of it. The most important is being unable to use different certificates for different websites running on the same IP and port. I think this is the main issue Platyna is having with enabling https for a single service running on her server.

Re: SSL for Forum

Posted: 27 Jul 2011, 01:34
by o11c
Crush wrote:The most important is being unable to use different certificates for different websites running on the same IP and port.
Historically, true, but no longer accurate.
http://en.wikipedia.org/wiki/Transport_ ... al_servers
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited