SSL for Forum

Got something on your mind about the project? This is the correct place for that.
Forum rules
This forum is for feature requests, content changes additions, anything not a Bug in the software.
Please report all bugs on the Support Forums
Post Reply
EchoLynx
Newly Registered User
Posts: 7
Joined: Sun Jul 03, 2011 10:51 pm

SSL for Forum

Post by EchoLynx » Sun Jul 03, 2011 11:00 pm

I highly recommend using SSL for the forum. In fact, I highly recommend using SSL for the transmission of all user credentials. Too many people use a single password for all their accounts, and in these cases it only takes one unsecured board for a whole internet identity to be hijacked. Sure, people should be more aware of where they put their information, but considering we are building a game, we cannot assume the user will posses that awareness.
User avatar
o11c
Knight
Knight
Posts: 2262
Joined: Sun Feb 20, 2011 10:09 pm
Location: ^ ^

Re: SSL for Forum

Post by o11c » Mon Jul 04, 2011 1:53 am

I agree, and I remember reading that it's not hard to set up.

As a security-conscious person, I use a different password for everything. That being said, I really just assumed that the website did the right thing, which I should not. (/me gripes about chromium not being as distinct as firefox with https: vs http: urls)

It is not feasible to encrypt the in-game password at this time.
Former programmer for the TMWA server.
EchoLynx
Newly Registered User
Posts: 7
Joined: Sun Jul 03, 2011 10:51 pm

SSL Certificate

Post by EchoLynx » Mon Jul 04, 2011 1:35 pm

That said, I think their might be some cost involved. I have never set up a website with SSL before, but I think it needs to be digitally signed by a trusted authority, and I think they charge for the service.

*does quick research*

Then again, they may not: http://www.comodo.com/business-security ... ee-ssl.php
Ian
User avatar
Platyna
Knight
Knight
Posts: 2213
Joined: Sat Nov 19, 2005 2:19 pm
Location: Poland
Contact:

Re: SSL for Forum

Post by Platyna » Sat Jul 16, 2011 8:23 pm

The network, the server and the forum are under my administration. Yes, many users use one password for everything, and SSL will not help them anyway. Using SSL for a public forums is pointless.

Regards.
Zuzanna K. Filutowska
[The rest of this signature was censored by TMWC's "Freedom" and "Free speech".]
User avatar
Crush
TMW Adviser
TMW Adviser
Posts: 8046
Joined: Thu Aug 25, 2005 5:08 pm
Location: Germany

Re: SSL for Forum

Post by Crush » Sat Jul 23, 2011 10:34 am

The web would be a better and much safer place when everyone would use just https instead of http. A self-signed certificate doesn't prevent men-in-the-middle attacks where the attacker can change the transmission, but it does allow encryption which prevents passive eavesdropping which is better than nothing.

But unfortunately there are some technical difficulties with https which prevent widespread use of it. The most important is being unable to use different certificates for different websites running on the same IP and port. I think this is the main issue Platyna is having with enabling https for a single service running on her server.
  • former Manasource Programmer
  • former TMW Pixel artist
  • NOT a game master

Please do not send me any inquiries regarding player accounts on TMW.


You might have heard a certain rumor about me. This rumor is completely false. You might also have heard the other rumor about me. This rumor is 100% accurate.
User avatar
o11c
Knight
Knight
Posts: 2262
Joined: Sun Feb 20, 2011 10:09 pm
Location: ^ ^

Re: SSL for Forum

Post by o11c » Wed Jul 27, 2011 2:34 am

Crush wrote:The most important is being unable to use different certificates for different websites running on the same IP and port.
Historically, true, but no longer accurate.
http://en.wikipedia.org/wiki/Transport_ ... al_servers
Former programmer for the TMWA server.
Post Reply