HTTPS for the forum?

[Speadge]

Hi,

with the growing community and the upcoming console support, i wonder Squad still not cares about https for community "support".
Im not paranoid or else, but i'D love to know, that at least my logins here are encoded and cant be grapped whenever im on public LAN / using not known access-points or else.

What are your thoughts? I mean, at least its something that would add up for the reputation of the maintainer of a site / game...

 

edit: just checked my other top 3 games and all of them are using https for their whole website.

Edited July 10, 2016 by Speadge

[DuoDex]

HTTPS for the forums is a question for IPS/Multiplay, or whoever hosts the site these days, not really Squad as they aren't too involved with the actual mechanics of the forums.

If you're worried about password security try using a different password for this site rather than all your others - that way even if someone does grab it they won't be able to use it.

[KasperVld]

There are currently no plans for an SSL-secured connection to our forums. Perhaps in the future.

[Mad Rocket Scientist]

As I understand it (not very well), HTTPS everywhere has a lot of the advantages of an actual HTTPS connection.

[stibbons]

5 hours ago, Mad Rocket Scientist said:

As I understand it (not very well), HTTPS everywhere has a lot of the advantages of an actual HTTPS connection.

HTTPS everywhere solves a different kind of problem. For sites that have HTTPS available it tries to make sure your browser prefers encryption by rewriting links. It doesn't do anything for sites that don't use HTTPS in the first place. 

[Mad Rocket Scientist]

22 minutes ago, stibbons said:

HTTPS everywhere solves a different kind of problem. For sites that have HTTPS available it tries to make sure your browser prefers encryption by rewriting links. It doesn't do anything for sites that don't use HTTPS in the first place. 

Ah, OK.  Thanks!

[Guest]

As an admin on an IPS board, and I'm sure @KasperVld can attest to this, there is not any full SSL support on the IPS suite.  We do have it configured on my board, but it is only used when handling logins and in the admin control panel.  The IPS developers are still working on bringing full SSL support in a future update, but until then there isn't much more security using the partial SSL than there is with nothing at all.

[igor290506]

On 7/12/2016 at 0:50 PM, KasperVld said:

There are currently no plans for an SSL-secured connection to our forums. Perhaps in the future.

well untill kraken strikes

[Blauerdaemon]

Activating HTTPS in IPS seems simple. At the start of the linked page it is told how to activate it for parts only but below the first image there is a section about moving to 100% HTTPS.

Obtaining and setting up a certificate might not be trivial but at least with Let's Encrypt it should not take much time.

A possible direct benefit for Squad apart from appreciation by the users would be that HTTP/2 support by browsers is better with SSL/TLS - possibly reducing traffic costs.

Edited August 6, 2016 by Blauerdaemon
wording

[Speadge]

just a nice example for overwhelming publicity for unsecured forums:

http://dev.dota2.com/showthread.php?t=269496

I wonder how difficult it may be to get the forum-admins PW on unsecured connections and dump the whole database?

IF it happens, its to late, @KasperVld

[Blauerdaemon]

Firefox 51 and Chrome 56 display insecure password warnings if login pages are non-https. See https://support.mozilla.org/en-US/kb/insecure-password-warning-firefox

So this issue starts to become more visible for the average user.

[linuxgurugamer]

Speaking as a sysadmin for a company which has a daily usage of between 3 and 5 million users (probably about 6 mil total), we just finished a huge project of moving the entire sire to https.  It's not trivial, but Squad should make it known that they would like it done sooner rather than later.  

I'm sure there are bugs in the forum software, and if exploited, the entire site can be lost.