Forum doesn't use HTTPS

Discussions related to the forums itself. Call for moderators. Trash Posts area.
User avatar
prg
Filter Inserter
Filter Inserter
Posts: 947
Joined: Mon Jan 19, 2015 12:39 am
Contact:

Forum doesn't use HTTPS

Post by prg »

Just made an account and noticed the site doesn't use HTTPS, so all your account details including the password are sent unencrypted, seriously, WTF?
Automatic Belt (and pipe) Planner—Automate yet another aspect of constructing your factory!

User avatar
Gandalf
Filter Inserter
Filter Inserter
Posts: 294
Joined: Fri Dec 19, 2014 10:15 pm
Contact:

Re: Forum doesn't use HTTPS

Post by Gandalf »

While I agree using ssl encryption is preferable I don't think "seriously, WTF" is a justified response,
considering that the vast majority of the web doesn't use it (https://www.trustworthyinternet.org/ssl-pulse/).
After all, SSL certificates are expensive.
I think it's rather safe to assume that factorioforums.com isn't where you're gonna be sending your most critical data.
OS: Linux Mint 19 x64 | desktop: Awesome 4.2  |  Intel Core i5 8600k  |  16GB DDR4  |  NVidia GTX 1050 Ti (driver version: 410.104)    (2019-03)

User avatar
prg
Filter Inserter
Filter Inserter
Posts: 947
Joined: Mon Jan 19, 2015 12:39 am
Contact:

Re: Forum doesn't use HTTPS

Post by prg »

Sending passwords in plain text is bad. "Other sites are doing it wrong, too" is not a valid excuse.
The login on factorio.com is using SSL so doing it right seems to be possible.
Automatic Belt (and pipe) Planner—Automate yet another aspect of constructing your factory!

User avatar
cube
Former Staff
Former Staff
Posts: 1111
Joined: Tue Mar 05, 2013 8:14 pm
Contact:

Re: Forum doesn't use HTTPS

Post by cube »

prg wrote:Sending passwords in plain text is bad. "Other sites are doing it wrong, too" is not a valid excuse.
The login on factorio.com is using SSL so doing it right seems to be possible.
yes, i'm putting it to our internal issues list, but it's sitll fairly low priority.

rorror
Fast Inserter
Fast Inserter
Posts: 241
Joined: Fri Nov 21, 2014 9:02 pm
Contact:

Re: Forum doesn't use HTTPS

Post by rorror »

Gandalf wrote:While I agree using ssl encryption is preferable I don't think "seriously, WTF" is a justified response,
considering that the vast majority of the web doesn't use it (https://www.trustworthyinternet.org/ssl-pulse/).
After all, SSL certificates are expensive.
I think it's rather safe to assume that factorioforums.com isn't where you're gonna be sending your most critical data.
you have for 35euro a simple https certificate for one year.
higher certificates are more expencive

here is where i buy my certificates in the netherlands.

https://www.sslcertificaten.nl/SSLCerti ... ndaard_1_1

MF-
Smart Inserter
Smart Inserter
Posts: 1235
Joined: Sun Feb 24, 2013 12:07 am
Contact:

Re: Forum doesn't use HTTPS

Post by MF- »

You can get a free cert for this basic "passwords not sent in cleartext" purpose.
Ever heard of StartSSL or what was its name?

MF-
Smart Inserter
Smart Inserter
Posts: 1235
Joined: Sun Feb 24, 2013 12:07 am
Contact:

Re: Forum doesn't use HTTPS

Post by MF- »

Bump.

The "Let's Encrypt" certification authority is now available for everyone.
The goal of that project is free certificates + automatic expiration-handling tools

dee-
Filter Inserter
Filter Inserter
Posts: 414
Joined: Mon Jan 19, 2015 9:21 am
Contact:

Re: Forum doesn't use HTTPS

Post by dee- »

*bump*

FFS guys, get this fixed! :evil: :evil:

Here's the link to Let's Encryt. You can get a free certificate in minutes.


You're going Steam - what do you think will happen if the new users come over here.
We backers are probably inherently more forgiving but that's a new wave of new users, some not so forgiving and quite more than a few with proper skills.

You're not in a garage anymore - you're appearing on Steam


Sending passwords unprotected, unencrypted and sniffable is not funny.
Heck - it's just a checkbox I have to check here to see it when it goes over the wire; and I'm not even trying. :evil:
pic

ske
Filter Inserter
Filter Inserter
Posts: 411
Joined: Sat Oct 17, 2015 8:00 am
Contact:

Re: Forum doesn't use HTTPS

Post by ske »

Shame!


User avatar
Afforess
Filter Inserter
Filter Inserter
Posts: 422
Joined: Tue May 05, 2015 6:07 pm
Contact:

Re: Forum doesn't use HTTPS

Post by Afforess »

Certificates are free these days, and with a real Steam release coming, there is zero excuse to remain on unsecure http. It's a disservice to loyal fans at this point.

Factorio should be using HTTPS.

Koub
Global Moderator
Global Moderator
Posts: 7175
Joined: Fri May 30, 2014 8:54 am
Contact:

Re: Forum doesn't use HTTPS

Post by Koub »

I admit that as time has passed, I think the priority should have raised to "fairly low" to "freaking high".
I know Steam release has needed a lot of work from the dev team, but this should have been included in Steam release.
Koub - Please consider English is not my native language.

keyboardhack
Filter Inserter
Filter Inserter
Posts: 478
Joined: Sat Aug 23, 2014 11:43 pm
Contact:

Re: Forum doesn't use HTTPS

Post by keyboardhack »

Success!
Kind of a brave move implementing it just before the steam realease as it could screw up a few things if done inproperly.
Waste of bytes : P

Koub
Global Moderator
Global Moderator
Posts: 7175
Joined: Fri May 30, 2014 8:54 am
Contact:

Re: Forum doesn't use HTTPS

Post by Koub »

This is very well played. Once again, Wube software has proved they know how to act responsibly, and do so.
Congrats :)
Koub - Please consider English is not my native language.

Rockstar04
Fast Inserter
Fast Inserter
Posts: 171
Joined: Sun Feb 17, 2013 4:31 pm
Contact:

Re: Forum doesn't use HTTPS

Post by Rockstar04 »

Awesome guys, Thanks!


User avatar
Afforess
Filter Inserter
Filter Inserter
Posts: 422
Joined: Tue May 05, 2015 6:07 pm
Contact:

Re: Forum doesn't use HTTPS

Post by Afforess »

No HTTP2 support? ;)

Kane
Filter Inserter
Filter Inserter
Posts: 666
Joined: Fri Sep 05, 2014 7:34 pm
Contact:

Re: Forum doesn't use HTTPS

Post by Kane »

mophydeen wrote:now using the subdomain instead of new domain.

Now it's clear this is the official forum.
There is absolutely no reason for this.

daniel34
Global Moderator
Global Moderator
Posts: 2761
Joined: Thu Dec 25, 2014 7:30 am
Contact:

Re: Forum doesn't use HTTPS

Post by daniel34 »

Kane wrote:
mophydeen wrote:now using the subdomain instead of new domain.

Now it's clear this is the official forum.
There is absolutely no reason for this.
Yes there is, as the certificate now used on the forums only applies to *.factorio.com and the easiest way to switch the forum to HTTPS was to use the certificate they already had for the website used as certificate for the forums. Why have two certificates when one does the job?
quick links: log file | graphical issues | wiki

dee-
Filter Inserter
Filter Inserter
Posts: 414
Joined: Mon Jan 19, 2015 9:21 am
Contact:

Re: Forum doesn't use HTTPS

Post by dee- »

My crusade has come to an end. Now I can lay down and rest in peace.

Thx! ;)


PS: about that HTTP/2 thing...

Post Reply

Return to “This Forum”