SSL for Forum
Forum rules
This forum is for feature requests, content changes additions, anything not a Bug in the software.
Please report all bugs on the Support Forums
SSL for Forum
I highly recommend using SSL for the forum. In fact, I highly recommend using SSL for the transmission of all user credentials. Too many people use a single password for all their accounts, and in these cases it only takes one unsecured board for a whole internet identity to be hijacked. Sure, people should be more aware of where they put their information, but considering we are building a game, we cannot assume the user will posses that awareness.
Re: SSL for Forum
I agree, and I remember reading that it's not hard to set up.
As a security-conscious person, I use a different password for everything. That being said, I really just assumed that the website did the right thing, which I should not. (/me gripes about chromium not being as distinct as firefox with https: vs http: urls)
It is not feasible to encrypt the in-game password at this time.
As a security-conscious person, I use a different password for everything. That being said, I really just assumed that the website did the right thing, which I should not. (/me gripes about chromium not being as distinct as firefox with https: vs http: urls)
It is not feasible to encrypt the in-game password at this time.
Former programmer for the TMWA server.
SSL Certificate
That said, I think their might be some cost involved. I have never set up a website with SSL before, but I think it needs to be digitally signed by a trusted authority, and I think they charge for the service.
*does quick research*
Then again, they may not: http://www.comodo.com/business-security ... ee-ssl.php
*does quick research*
Then again, they may not: http://www.comodo.com/business-security ... ee-ssl.php
Ian
Re: SSL for Forum
The network, the server and the forum are under my administration. Yes, many users use one password for everything, and SSL will not help them anyway. Using SSL for a public forums is pointless.
Regards.
Regards.
Re: SSL for Forum
The web would be a better and much safer place when everyone would use just https instead of http. A self-signed certificate doesn't prevent men-in-the-middle attacks where the attacker can change the transmission, but it does allow encryption which prevents passive eavesdropping which is better than nothing.
But unfortunately there are some technical difficulties with https which prevent widespread use of it. The most important is being unable to use different certificates for different websites running on the same IP and port. I think this is the main issue Platyna is having with enabling https for a single service running on her server.
But unfortunately there are some technical difficulties with https which prevent widespread use of it. The most important is being unable to use different certificates for different websites running on the same IP and port. I think this is the main issue Platyna is having with enabling https for a single service running on her server.
- former Manasource Programmer
- former TMW Pixel artist
- NOT a game master
Please do not send me any inquiries regarding player accounts on TMW.
You might have heard a certain rumor about me. This rumor is completely false. You might also have heard the other rumor about me. This rumor is 100% accurate.
Re: SSL for Forum
Historically, true, but no longer accurate.Crush wrote:The most important is being unable to use different certificates for different websites running on the same IP and port.
http://en.wikipedia.org/wiki/Transport_ ... al_servers
Former programmer for the TMWA server.