

HTTPS for tyrant.gg
#1
Sup, is there any reason we aren't using HTTPS for the Forums?
If costs for SSL certificates are the issue, then you could just use https://letsencrypt.org/ (comes with instructions to set up a bot etc.).

I mean, not a lot of people care about security, but sending login credentials over an unsecured HTTP connection is kinda bad (interception being the main issue here).
#2
Done. For now SSL and non-SSL will both work. Some of the content is still served through HTTP, which you can see by hitting F11 in Chrome and looking at how all the content made it to your client. Most of the content served via plain HTTP is related to the Steam plugin alone.

The important stuff (credential handshake) is done via SSL.

I will force TLS 1.0+ and fix the content serving and then HTTPS will be forced.  I will make HTTP redirect to HTTPS through the Apache mod_rewrite addon with rewrite rules.

EDIT: Also, in case anyone is wondering, passwords are all hashed and are not stored anywhere in plain text at any point during the signup/authentication process.
#3
Thanks buddy ol' pal
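A check for the leftover plain-HTTP content mentioned in post #2, which has to be cleaned up before HTTPS can be forced. This is an added example, not part of the original thread or the forum's own code; the tag list, the function names and the sample page with its placeholder hosts are assumptions.

```python
from html.parser import HTMLParser

# Tags whose URL attribute triggers a subresource fetch or a form submission.
URL_ATTRS = {
    "script": "src", "iframe": "src", "img": "src", "audio": "src",
    "video": "src", "source": "src", "embed": "src", "object": "data",
    "link": "href", "form": "action",
}
# Active content can alter the whole page; everything else is display-only.
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, tag, url) tuples in document order

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return  # e.g. <a href>: a navigation link, not a subresource
        attrs = dict(attrs)
        url = (attrs.get(attr) or "").strip()
        if not url.lower().startswith("http://"):
            return  # https://, protocol-relative and relative URLs are fine
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # canonical/alternate links are never fetched as content
        kind = "form" if tag == "form" else "active" if tag in ACTIVE_TAGS else "passive"
        self.findings.append((kind, tag, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; forum.example and plugin.example are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://forum.example/theme.css">
<script src="http://plugin.example/login-widget.js"></script>
</head><body>
<a href="http://forum.example/thread-1.html">old link</a>
<img src="http://plugin.example/avatar.png">
<img src="/images/logo.png">
<form action="http://forum.example/member.php" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE):
        print(f"{kind:8}{tag:8}{url}")
```

A `form` finding means the submitted fields would leave the browser in cleartext even though the page itself loaded over HTTPS.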
