SSL for Forum

Got something on your mind about the project? This is the correct place for that.
Forum rules
This forum is for feature requests, content changes additions, anything not a Bug in the software.
Please report all bugs on the Support Forums
Post Reply
EchoLynx
Peon
Peon
Posts: 7
Joined: 03 Jul 2011, 22:51

SSL for Forum

Post by EchoLynx » 03 Jul 2011, 23:00

I highly recommend using SSL for the forum. In fact, I highly recommend using SSL for the transmission of all user credentials. Too many people use a single password for all their accounts, and in these cases it only takes one unsecured board for a whole internet identity to be hijacked. Sure, people should be more aware of where they put their information, but considering we are building a game, we cannot assume the user will posses that awareness.
User avatar
o11c
Knight
Knight
Posts: 2262
Joined: 20 Feb 2011, 22:09
Location: ^ ^

Re: SSL for Forum

Post by o11c » 04 Jul 2011, 01:53

I agree, and I remember reading that it's not hard to set up.

As a security-conscious person, I use a different password for everything. That being said, I really just assumed that the website did the right thing, which I should not. (/me gripes about chromium not being as distinct as firefox with https: vs http: urls)

It is not feasible to encrypt the in-game password at this time.
Former programmer for the TMWA server.
EchoLynx
Peon
Peon
Posts: 7
Joined: 03 Jul 2011, 22:51

SSL Certificate

Post by EchoLynx » 04 Jul 2011, 13:35

That said, I think their might be some cost involved. I have never set up a website with SSL before, but I think it needs to be digitally signed by a trusted authority, and I think they charge for the service.

*does quick research*

Then again, they may not: http://www.comodo.com/business-security ... ee-ssl.php
Ian
User avatar
Platyna
Knight
Knight
Posts: 2213
Joined: 19 Nov 2005, 14:19
Location: Poland
Contact:

Re: SSL for Forum

Post by Platyna » 16 Jul 2011, 20:23

The network, the server and the forum are under my administration. Yes, many users use one password for everything, and SSL will not help them anyway. Using SSL for a public forums is pointless.

Regards.
Zuzanna K. Filutowska
[The rest of this signature was censored by TMWC's "Freedom" and "Free speech".]
User avatar
Crush
TMW Adviser
TMW Adviser
Posts: 8046
Joined: 25 Aug 2005, 17:08
Location: Germany

Re: SSL for Forum

Post by Crush » 23 Jul 2011, 10:34

The web would be a better and much safer place when everyone would use just https instead of http. A self-signed certificate doesn't prevent men-in-the-middle attacks where the attacker can change the transmission, but it does allow encryption which prevents passive eavesdropping which is better than nothing.

But unfortunately there are some technical difficulties with https which prevent widespread use of it. The most important is being unable to use different certificates for different websites running on the same IP and port. I think this is the main issue Platyna is having with enabling https for a single service running on her server.
  • former Manasource Programmer
  • former TMW Pixel artist
  • NOT a game master

Please do not send me any inquiries regarding player accounts on TMW.


You might have heard a certain rumor about me. This rumor is completely false. You might also have heard the other rumor about me. This rumor is 100% accurate.
User avatar
o11c
Knight
Knight
Posts: 2262
Joined: 20 Feb 2011, 22:09
Location: ^ ^

Re: SSL for Forum

Post by o11c » 27 Jul 2011, 02:34

Crush wrote:The most important is being unable to use different certificates for different websites running on the same IP and port.
Historically, true, but no longer accurate.
http://en.wikipedia.org/wiki/Transport_ ... al_servers
Former programmer for the TMWA server.
Post Reply