[DONE] Could we have SSL/HTTPS support?

[DONE] Could we have SSL/HTTPS support?

Postby tomreyn » 26 May 2012, 18:08

Thanks for hosting these forums. Is there a chance you could add HTTPS/SSL support? It feels somewhat pointless to have to login if there's no secure transfer, and people who reuse their passwords from other websites are very much risking to leak them. A CACert signed or even self-signed certificate is better than no SSL support to me. And then there is StartSSL which signs single-domain certificates for free (but charges for revocation).
tomreyn
 
Posts: 13
Joined: 22 May 2012, 12:10

Re: Could we have SSL/HTTPS support?

Postby charlie » 26 May 2012, 21:32

Sounds a bit OTT; is there a [greater than one user] demand for this?
Free Gamer - it's the dogz
Vexi - web UI platform
User avatar
charlie
Global Moderator
 
Posts: 2131
Joined: 02 Dec 2009, 11:56
Location: Manchester, UK

Re: Could we have SSL/HTTPS support?

Postby tomreyn » 26 May 2012, 21:53

Huh, account security being over the top? That's more like fundamental to me.
tomreyn
 
Posts: 13
Joined: 22 May 2012, 12:10

Re: Could we have SSL/HTTPS support?

Postby Julius » 26 May 2012, 22:18

Don't reuse your online-banking password for gaming forum website ;) Login is so that there is a name next to your post.

Sure, it would be nice to have a more secure setup... but IMHO it is not worth the effort, and you shouldn't be using an important password here anyways.
User avatar
Julius
Community Moderator
 
Posts: 3297
Joined: 06 Dec 2009, 14:02

Re: Could we have SSL/HTTPS support?

Postby qubodup » 27 May 2012, 00:25

It would be nice but I have 0 knowledge about https and it'd all depend on whether our host admins ghoul and hagish would have any time to spend on this issue. :)
User avatar
qubodup
Global Moderator
 
Posts: 1671
Joined: 08 Nov 2009, 22:52
Location: Berlin, Germany

Re: Could we have SSL/HTTPS support?

Postby ghoulsblade » 19 Sep 2012, 17:50

*kinda thread necro but i stumbled on it and feel like venting some steam regarding https*
love2d has self-signed https i think, the result is me seeing that white+yellow untrusted site warning on some win comps even with firefox, which doesn't even offer the option to store the exception permanently.
Frankly horrible for users, no matter the tech reason. Not self-signed https costs considerable money afaik.
I'd think users that are so carefree to reuse valuable passwords on a non-https site would also just click ok for the certificate warning they'd get during a man-in-the-middle attack, so i don't even see the security benefit.
User avatar
ghoulsblade
Global Moderator
 
Posts: 138
Joined: 08 Nov 2009, 22:47

Re: Could we have SSL/HTTPS support?

Postby sireus » 19 Sep 2012, 19:06

ghoulsblade {l Wrote}:love2d has self-signed https i think

It's signed by comodo, which might be blacklisted after the 2011 security breach though.

ghoulsblade {l Wrote}:even with firefox, which doesn't even offer the option to store the exception permanently.

Huh? Right at the bottom of the dialogue, there's a checkbox "Permanently store this exception". It's even checked by default.

ghoulsblade {l Wrote}:Frankly horrible for users, no matter the tech reason. Not self-signed https costs considerable money afaik.

Depends on what you call considerable. I think some are available for about 50 € p.a. The problem is that those are only valid for one domain, so if you have subdomains (like this site does), it does get quite expensive.
sireus
 
Posts: 109
Joined: 24 May 2011, 20:10

Re: Could we have SSL/HTTPS support?

Postby Evropi » 19 Sep 2012, 21:36

There's no point. Signatures are expensive and they have problems of their own anyway... everything is fine as it is.

I'm pretty sure the OP is trying to circumvent educational/workplace restrictions.
You just wasted 3 seconds of your life reading this.
User avatar
Evropi
 
Posts: 385
Joined: 02 Sep 2012, 16:18

Re: Could we have SSL/HTTPS support?

Postby ghoulsblade » 19 Sep 2012, 22:23

"Permanently store this exception": it's there, but grayed out. I just checked, still that way in win7 64bit, firefox 15.0.1 .
The text says something about invalid certificate, something about the issuer being wrong.
So maybe it's not just non-verified but also somehow messed up.
Ubuntu 11.04 64bit Firefox 15.0.1 has no problem with it interestingly.
50€ per year per subdomain seems quite expensive i'd say.
A pity the self-signed things produce such a shocking feedback to non-techy users.
It would be tempting to have an encrypted connection for the sake of technology and being geeky, but i wouldn't accept even a one-time browser-alert or significant cost for it. Would feel broken if warning, and would feel non-free if payed. Meh, just rambling, never mind =)
User avatar
ghoulsblade
Global Moderator
 
Posts: 138
Joined: 08 Nov 2009, 22:47

Re: [REJECTED] Could we have SSL/HTTPS support?

Postby alexander » 02 Jul 2013, 15:37

I really wish it had HTTPS. it is inconvenient for me to have to route my traffic differently in fear of man-in-the-middle-attacks when logging into freegamedev. I'm honestly baffled that this is even an issue. I don't know any other sites I use on a monthly (probably yearly) basis that do not have HTTPS login.
alexander
 
Posts: 65
Joined: 22 Jun 2012, 19:06

Re: [REJECTED] Could we have SSL/HTTPS support?

Postby Tobbi » 18 Mar 2017, 13:23

With https://letsencrypt.org/, you should give this some further consideration.
SuperTux developer.
User avatar
Tobbi
SuperTux Moderator
 
Posts: 353
Joined: 12 Oct 2013, 13:08

Re: [REJECTED] Could we have SSL/HTTPS support?

Postby Lyberta » 18 Mar 2017, 14:19

Deleted.
Last edited by Lyberta on 01 Oct 2021, 03:43, edited 1 time in total.
Lyberta
 
Posts: 765
Joined: 19 Jun 2013, 10:45

Re: [REJECTED] Could we have SSL/HTTPS support?

Postby hagish » 19 Mar 2017, 14:25

With the server migration we will most likely have letsencrypt ssl vertificates.
User avatar
hagish
Global Moderator
 
Posts: 71
Joined: 08 Nov 2009, 22:53

Re: [DONE] Could we have SSL/HTTPS support?

Postby Julius » 19 Apr 2017, 06:37

With the new https support the youtube embedding broke as it tries to embed them in http only.
User avatar
Julius
Community Moderator
 
Posts: 3297
Joined: 06 Dec 2009, 14:02

Who is online

Users browsing this forum: No registered users and 1 guest

cron