Forum doesn't use HTTPS
Just made an account and noticed the site doesn't use HTTPS, so all your account details including the password are sent unencrypted, seriously, WTF?
Automatic Belt (and pipe) Planner—Automate yet another aspect of constructing your factory!
Re: Forum doesn't use HTTPS
While I agree using ssl encryption is preferable I don't think "seriously, WTF" is a justified response,
considering that the vast majority of the web doesn't use it (https://www.trustworthyinternet.org/ssl-pulse/).
After all, SSL certificates are expensive.
I think it's rather safe to assume that factorioforums.com isn't where you're gonna be sending your most critical data.
OS: Linux Mint 19 x64 | desktop: Awesome 4.2 | Intel Core i5 8600k | 16GB DDR4 | NVidia GTX 1050 Ti (driver version: 410.104) (2019-03)
Re: Forum doesn't use HTTPS
Sending passwords in plain text is bad. "Other sites are doing it wrong, too" is not a valid excuse.
The login on factorio.com is using SSL so doing it right seems to be possible.
Automatic Belt (and pipe) Planner—Automate yet another aspect of constructing your factory!
Re: Forum doesn't use HTTPS
Yes, I'm putting it to our internal issues list, but it's still fairly low priority.
prg wrote: Sending passwords in plain text is bad. "Other sites are doing it wrong, too" is not a valid excuse.
The login on factorio.com is using SSL so doing it right seems to be possible.
Re: Forum doesn't use HTTPS
You can have a simple HTTPS certificate for one year for 35 euro.
Higher certificates are more expensive.
Here is where I buy my certificates in the Netherlands.
https://www.sslcertificaten.nl/SSLCerti ... ndaard_1_1
Gandalf wrote: While I agree using ssl encryption is preferable I don't think "seriously, WTF" is a justified response,
considering that the vast majority of the web doesn't use it (https://www.trustworthyinternet.org/ssl-pulse/).
After all, SSL certificates are expensive.
I think it's rather safe to assume that factorioforums.com isn't where you're gonna be sending your most critical data.
Re: Forum doesn't use HTTPS
You can get a free cert for this basic "passwords not sent in cleartext" purpose.
Ever heard of StartSSL or what was its name?
Re: Forum doesn't use HTTPS
Bump.
The "Let's Encrypt" certification authority is now available for everyone.
The goal of that project is free certificates + automatic expiration-handling tools
Re: Forum doesn't use HTTPS
*bump*
FFS guys, get this fixed!
Here's the link to Let's Encrypt. You can get a free certificate in minutes.
You're going Steam - what do you think will happen if the new users come over here.
We backers are probably inherently more forgiving but that's a new wave of new users, some not so forgiving and quite more than a few with proper skills.
You're not in a garage anymore - you're appearing on Steam
Sending passwords unprotected, unencrypted and sniffable is not funny.
Heck - it's just a checkbox I have to check here to see it when it goes over the wire; and I'm not even trying.
Re: Forum doesn't use HTTPS
Shame!
Re: Forum doesn't use HTTPS
Certificates are free these days, and with a real Steam release coming, there is zero excuse to remain on unsecure http. It's a disservice to loyal fans at this point.
Factorio should be using HTTPS.
Re: Forum doesn't use HTTPS
I admit that as time has passed, I think the priority should have been raised from "fairly low" to "freaking high".
I know Steam release has needed a lot of work from the dev team, but this should have been included in Steam release.
Koub - Please consider English is not my native language.
Re: Forum doesn't use HTTPS
Success!
Kind of a brave move implementing it just before the Steam release as it could screw up a few things if done improperly.
Waste of bytes : P
Re: Forum doesn't use HTTPS
This is very well played. Once again, Wube software has proved they know how to act responsibly, and do so.
Congrats
Koub - Please consider English is not my native language.
Re: Forum doesn't use HTTPS
Awesome guys, Thanks!
Re: Forum doesn't use HTTPS
now using the subdomain instead of new domain.
Now it's clear this is the official forum.
Re: Forum doesn't use HTTPS
There is absolutely no reason for this.
mophydeen wrote: now using the subdomain instead of new domain.
Now it's clear this is the official forum.
Re: Forum doesn't use HTTPS
Yes there is, as the certificate now used on the forums only applies to *.factorio.com and the easiest way to switch the forum to HTTPS was to use the certificate they already had for the website used as certificate for the forums. Why have two certificates when one does the job?
Kane wrote: There is absolutely no reason for this.
mophydeen wrote: now using the subdomain instead of new domain.
Now it's clear this is the official forum.
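Added example, not part of the original posts: a Python sketch of the wildcard name-matching rule behind the point above, showing why a certificate for *.factorio.com covers a forum subdomain but not a separate domain such as factorioforums.com. The subdomain name forums.factorio.com, the function names and the sample host list are assumptions made for illustration.

```python
"""Wildcard certificate name matching, simplified from the RFC 6125 rules."""


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name pattern covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    # The wildcard is only honoured in the leftmost label.
    if any("*" in label for label in rest):
        return False
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(p_labels) >= 3
    if "*" in first:
        # Partial wildcards ("f*.example.com") are refused in this sketch.
        return False
    return first == h_labels[0]


def coverage(cert_names, hostnames):
    """Map each hostname to whether any certificate name covers it."""
    return {h: any(name_matches(p, h) for p in cert_names) for h in hostnames}


# Constructed sample data: the wildcard name is the one quoted in the thread,
# "forums.factorio.com" is an assumed subdomain used only for illustration.
CERT_NAMES = ["*.factorio.com"]
HOSTS = [
    "forums.factorio.com",   # one label under the wildcard: covered
    "factorioforums.com",    # separate registered domain: not covered
    "factorio.com",          # bare apex: a wildcard alone does not cover it
    "a.b.factorio.com",      # two labels deep: not covered
]

if __name__ == "__main__":
    for host, ok in coverage(CERT_NAMES, HOSTS).items():
        print(f"{host:24} {'covered' if ok else 'NOT covered'}")
```

A client that connects to a name the certificate does not cover gets a hostname-mismatch error, which is why a forum on a separate domain would have needed its own certificate.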
Re: Forum doesn't use HTTPS
My crusade has come to an end. Now I can lay down and rest in peace.
Thx!
PS: about that HTTP/2 thing...