FreeGameDev

Thanks for hosting these forums. Is there a chance you could add HTTPS/SSL support? It feels somewhat pointless to have to login if there's no secure transfer, and people who reuse their passwords from other websites are very much risking to leak them. A CACert signed or even self-signed certificate is better than no SSL support to me. And then there is StartSSL which signs single-domain certificates for free (but charges for revocation).

Sounds a bit OTT; is there a [greater than one user] demand for this?

Huh, account security being over the top? That's more like fundamental to me.

Don't reuse your online-banking password for gaming forum website Login is so that there is a name next to your post.

Sure, it would be nice to have a more secure setup... but IMHO it is not worth the effort, and you shouldn't be using an important password here anyways.

It would be nice but I have 0 knowledge about https and it'd all depend on whether our host admins ghoul and hagish would have any time to spend on this issue.

*kinda thread necro but i stumbled on it and feel like venting some steam regarding https*
love2d has self-signed https i think, the result is me seeing that white+yellow untrusted site warning on some win comps even with firefox, which doesn't even offer the option to store the exception permanently.
Frankly horrible for users, no matter the tech reason. Not self-signed https costs considerable money afaik.
I'd think users that are so carefree to reuse valuable passwords on a non-https site would also just click ok for the certificate warning they'd get during a man-in-the-middle attack, so i don't even see the security benefit.

ghoulsblade {l Wrote}:love2d has self-signed https i think

It's signed by comodo, which might be blacklisted after the 2011 security breach though.

ghoulsblade {l Wrote}:even with firefox, which doesn't even offer the option to store the exception permanently.

Huh? Right at the bottom of the dialogue, there's a checkbox "Permanently store this exception". It's even checked by default.

ghoulsblade {l Wrote}:Frankly horrible for users, no matter the tech reason. Not self-signed https costs considerable money afaik.

Depends on what you call considerable. I think some are available for about 50 € p.a. The problem is that those are only valid for one domain, so if you have subdomains (like this site does), it does get quite expensive.

There's no point. Signatures are expensive and they have problems of their own anyway... everything is fine as it is.

I'm pretty sure the OP is trying to circumvent educational/workplace restrictions.

"Permanently store this exception": it's there, but grayed out. I just checked, still that way in win7 64bit, firefox 15.0.1 .
The text says something about invalid certificate, something about the issuer being wrong.
So maybe it's not just non-verified but also somehow messed up.
Ubuntu 11.04 64bit Firefox 15.0.1 has no problem with it interestingly.
50€ per year per subdomain seems quite expensive i'd say.
A pity the self-signed things produce such a shocking feedback to non-techy users.
It would be tempting to have an encrypted connection for the sake of technology and being geeky, but i wouldn't accept even a one-time browser-alert or significant cost for it. Would feel broken if warning, and would feel non-free if payed. Meh, just rambling, never mind =)

I really wish it had HTTPS. it is inconvenient for me to have to route my traffic differently in fear of man-in-the-middle-attacks when logging into freegamedev. I'm honestly baffled that this is even an issue. I don't know any other sites I use on a monthly (probably yearly) basis that do not have HTTPS login.

With https://letsencrypt.org/, you should give this some further consideration.

Deleted.

With the server migration we will most likely have letsencrypt ssl vertificates.

With the new https support the youtube embedding broke as it tries to embed them in http only.