Interaktyvus realaus laiko strateginis žaidimas Internete


Temos pavadinimas: HTTPS - it's about time (Paprasta tema)

Autorius: System Administrator

Tema pradėta: 04:41:22 2018 06 14

Pranešimai: 5 Paskutinis pranešimas: 14:05:15 2018 07 07. Autorius Vedas

System AdministratorPaskelbta: 04:41:22 2018 06 14

Pranešimai: 34

Temos: 47

Valstybė: United States

Lytis: Vyras

Now that SL has a full server to itself, I've decided certbot was secure enough for SL for now, and I've not scraped together enough time to mess with any of the more light weight solutions. So - we finally have HTTPS support! There're a few quirks atm (ie, links to http in the source), but I'll probably sort those out eventually. Finally SkyLords supports a proper secured login form. I don't know about you, but I'm excited - been thinking about this one for a decade at least.


What does HTTPS do for me?

HTTPS prevents your password and your session cookie from leaking, so people can't eavesdrop on you and then tell SkyLords that they're you (it would totally believe them).

Why not just use it on the login page?

While putting it on the login page does protect your password, if you continue w/plain http they can still pretend to be you to SkyLords and do nasty things to you on this account. This could very well lead to further security breaches.

Sounds risky - why haven't we heard of people doing this yet?

They can and have - with Facebook. Not enough people care about SkyLords to mess with it (yet), but it's a fairly important milestone in website maturity (as is getting transactional emails delivered...).

I didn't know about all that - am I at risk?

If you've used the same password on SkyLords and any other service you care about more, you should probably change the password on the other service and not share it with an outdated site like SkyLords :/ (tightening security is also on the list). If you find keeping track of a bunch of passwords hard (I do), my best advice would be to use a password manager like KeePass (I sync the database via Dropbox) or LastPass (which is quite convenient, but costs $2/mo for mobile support). Both can autofill website passwords, though KeePass requires a bit more effort to get it working.

Honestly, the chances that someone has eavesdropped on your password when logging into SkyLords are low - what I'm suggesting is pretty standard security hygiene which you've probably heard dozens of times before. Like washing your hands before you eat - you likely won't get sick every time you eat without washing, but it reduces the odds of getting sick in that way.

FORTRANshadowPaskelbta: 05:46:08 2018 06 14

Pranešimai: 359

Temos: 17

Valstybė: United States

Lytis: Vyras

Thank you! I know it is a bit of a hassle, but I appreciate it.

MadMax1967Paskelbta: 06:03:33 2018 06 14

Pranešimai: 420

Temos: 48

Valstybė: United States

Lytis: Vyras

Very much appreciated.


SuperSmithie09Paskelbta: 07:03:11 2018 06 14

Pranešimai: 422

Temos: 128

Valstybė: United States

Lytis: Vyras

Thank you sir!


Tom BomadialPaskelbta: 12:11:16 2018 06 15

Pranešimai: 420

Temos: 74

Valstybė: United States

Lytis: Vyras

Does that mean we growed up now?

"Is not easily provoked"
It is not good to wake a sleeping bear

VedasPaskelbta: 14:05:15 2018 07 07

Pranešimai: 1

Temos: 1


© SkyLords 2002-2019 | SkyLords™ prekybos ženklas | Naudojimosi sąlygos | Privatumas | Susisiekti su mumis | Žaidimo DUK