Online multiplayer strategy game

PUBLIC FORUMS/GENERAL FORUM

Topic Title: HTTPS - it's about time (Simple Topic)

Topic starter: System Administrator

Topic started: 04:41:22 14th Jun 2018

Posts: 5 Last post: 14:05:15 7th Jul 2018 by Vedas

System AdministratorPosted: 04:41:22 14th Jun 2018

Posts: 34

Topics: 47

Location: United States

Gender: Male



Now that SL has a full server to itself, I've decided certbot was secure enough for SL for now, and I've not scraped together enough time to mess with any of the more light weight solutions. So - we finally have HTTPS support! There're a few quirks atm (ie, links to http in the source), but I'll probably sort those out eventually. Finally SkyLords supports a proper secured login form. I don't know about you, but I'm excited - been thinking about this one for a decade at least.

FAQ:

What does HTTPS do for me?

HTTPS prevents your password and your session cookie from leaking, so people can't eavesdrop on you and then tell SkyLords that they're you (it would totally believe them).

Why not just use it on the login page?

While putting it on the login page does protect your password, if you continue w/plain http they can still pretend to be you to SkyLords and do nasty things to you on this account. This could very well lead to further security breaches.

Sounds risky - why haven't we heard of people doing this yet?

They can and have - with Facebook. Not enough people care about SkyLords to mess with it (yet), but it's a fairly important milestone in website maturity (as is getting transactional emails delivered...).

I didn't know about all that - am I at risk?

If you've used the same password on SkyLords and any other service you care about more, you should probably change the password on the other service and not share it with an outdated site like SkyLords :/ (tightening security is also on the list). If you find keeping track of a bunch of passwords hard (I do), my best advice would be to use a password manager like KeePass (I sync the database via Dropbox) or LastPass (which is quite convenient, but costs $2/mo for mobile support). Both can autofill website passwords, though KeePass requires a bit more effort to get it working.

Honestly, the chances that someone has eavesdropped on your password when logging into SkyLords are low - what I'm suggesting is pretty standard security hygiene which you've probably heard dozens of times before. Like washing your hands before you eat - you likely won't get sick every time you eat without washing, but it reduces the odds of getting sick in that way.


FORTRANshadowPosted: 05:46:08 14th Jun 2018

Posts: 358

Topics: 17

Location: United States

Gender: Male



Thank you! I know it is a bit of a hassle, but I appreciate it.


MadMax1967Posted: 06:03:33 14th Jun 2018

Posts: 405

Topics: 47

Location: United States

Gender: Male



Very much appreciated.




__________________________
"KILL EM ALL.....LET GOD SORT EM OUT"












SuperSmithie09Posted: 07:03:11 14th Jun 2018

Posts: 422

Topics: 128

Location: United States

Gender: Male



Thank you sir!




__________________________
Squirrels

Tom BomadialPosted: 12:11:16 15th Jun 2018

Posts: 416

Topics: 72

Location: United States

Gender: Male



Does that mean we growed up now?




__________________________
"Is not easily provoked"
Translated:
It is not good to wake a sleeping bear

VedasPosted: 14:05:15 7th Jul 2018

Posts: 1

Topics: 0



Excellent.


© SkyLords 2002-2019 | SkyLords™ is Trademark worldwide | Terms of Use | Privacy Statement | Contact Us | Game FAQ
PUBLIC FORUMS
TICKETS
LANGUAGE FORUMS
SKYLORDS CHAT