Ninetailed Posted December 16, 2016 (edited) The forums do not currently appear to support HTTPS, meaning logins and passwords are being sent across the Internet in plaintext. This is not ideal for what should be obvious reasons. Attempting to access the forums via an HTTPS URL (e.g. https://forum.systemera.net/) redirects (301 Moved Permanently) to a site titled SwiftKey VIP at swiftkey.com. Edited January 8, 2017 by Wyvyrias Added [Resolved] tag Share this post Link to post Share on other sites
Wyvyrias Posted December 17, 2016 (edited) Without a doubt that needs attention soon! Good catch, everyone is busy looking at the game now (which is reasonable, the forums exists for Astroneer after all). Edited December 17, 2016 by Wyvyrias Share this post Link to post Share on other sites
Teutatis Posted December 18, 2016 Would it have not made more sense to send this as a PM or email to the devs, rather than make it publicly known. Share this post Link to post Share on other sites
Ninetailed Posted December 18, 2016 18 minutes ago, Teutatis said: Would it have not made more sense to send this as a PM or email to the devs, rather than make it publicly known. The information is publicly available, in every user's address bar. Perhaps I should have erred on the side of caution, but it's done now. Share this post Link to post Share on other sites
corruptpony Posted December 18, 2016 Probably also more meant like a warning. Don't log in to the forums on public Wi-Fi! Share this post Link to post Share on other sites
123hotdog1100 Posted December 18, 2016 On 16/12/2016 at 5:37 PM, Ninetailed said: The forums do not currently appear to support HTTPS, meaning logins and passwords are being sent across the Internet in plaintext. This is not ideal for what should be obvious reasons. Attempting to access the forums via an HTTPS URL (e.g. https://forum.systemera.net/) redirects (301 Moved Permanently) to a site titled SwiftKey VIP at swiftkey.com. I'm on https and it works for me Share this post Link to post Share on other sites
Wyvyrias Posted December 18, 2016 (edited) 32 minutes ago, 123hotdog1100 said: I'm on https and it works for me I forwarded this issue to the developers soon after this post was made and it was noticed immediately (security is important after all). Basically it's likely this is fixed now (the certificate was created today if you look at it's date) and all that's left is redirecting from HTTP to HTTPS by default. I'll make sure this gets a heads up, thanks! Edited December 18, 2016 by Wyvyrias Share this post Link to post Share on other sites
SES_Adam Posted December 18, 2016 I'll make sure that @RichardPsees this and gets the redirect to happen. Share this post Link to post Share on other sites
DirtyJ Posted December 18, 2016 21 minutes ago, SES_Adam said: I'll make sure that @RichardPsees this and gets the redirect to happen. There are also some scripts not loading over the TLS Share this post Link to post Share on other sites
Frigidman Posted December 19, 2016 When you get the redirect completed, dont forget to set the three main cookies to secure only. Share this post Link to post Share on other sites
Temper Posted December 21, 2016 Great catch! This also can be a good notice to everyone who is signing up and using these forums NOT to use the same password as your email or other personal accounts until HTTPS is implemented! Share this post Link to post Share on other sites
Frigidman Posted December 29, 2016 On 12/20/2016 at 7:27 PM, Temper said: Great catch! This also can be a good notice to everyone who is signing up and using these forums NOT to use the same password as your email or other personal accounts until HTTPS is implemented! Well, its preferred to NEVER use the same user/pass across multiple services, ever. Combo list attacks are a real thing, and get people in loads of trouble (especially when some forum account matches their paypal accounts!). So... do yourself a favor, make large and unique passwords on each new signup! If you have ownership of a domain and can make email aliases, then do make a new email for each signup as well to track spam, and access. Share this post Link to post Share on other sites
Wyvyrias Posted January 3, 2017 Just as quick update, it seems the HTTPS "upgrade" is now done. So enjoy a safe stay on our forums! Share this post Link to post Share on other sites
Frigidman Posted January 3, 2017 Cool beans, and the cookies are secured as well! Good job! Share this post Link to post Share on other sites
Crell Posted January 8, 2017 Is there no way to mark this with a [fixed] tag now? Let's have some order Share this post Link to post Share on other sites
Ninetailed Posted January 8, 2017 I don't think I can edit it. I don't see a control to do that anywhere. Share this post Link to post Share on other sites
Frigidman Posted January 8, 2017 3 hours ago, Ninetailed said: I don't think I can edit it. I don't see a control to do that anywhere. Just report your first post, and request they edit the title with [RESOLVED]. Reporting yourself wont hurt I do it a lot! Share this post Link to post Share on other sites
Wyvyrias Posted January 8, 2017 I added the [Resolved] tag. I'll leave this topic open in case you notice some issue with the HTTPS in the future. Share this post Link to post Share on other sites
Ninetailed Posted January 8, 2017 18 minutes ago, Frigidman said: Just report your first post, and request they edit the title with [RESOLVED]. Reporting yourself wont hurt I do it a lot! Thanks for the tip! I'll do that in future. Share this post Link to post Share on other sites