Ninetailed

[Resolved] SES Forums — HTTPS

Recommended Posts

The forums do not currently appear to support HTTPS, meaning logins and passwords are being sent across the Internet in plaintext. This is not ideal for what should be obvious reasons.

Attempting to access the forums via an HTTPS URL (e.g. https://forum.systemera.net/) redirects (301 Moved Permanently) to a site titled SwiftKey VIP at swiftkey.com.

Edited by Wyvyrias
Added [Resolved] tag

Share this post


Link to post
Share on other sites

Without a doubt that needs attention soon! Good catch, everyone is busy looking at the game now (which is reasonable, the forums exists for Astroneer after all).

Edited by Wyvyrias

Share this post


Link to post
Share on other sites
18 minutes ago, Teutatis said:

Would it have not made more sense to send this as a PM or email to the devs, rather than make it publicly known.

The information is publicly available, in every user's address bar. Perhaps I should have erred on the side of caution, but it's done now.

Share this post


Link to post
Share on other sites
On 16/12/2016 at 5:37 PM, Ninetailed said:

The forums do not currently appear to support HTTPS, meaning logins and passwords are being sent across the Internet in plaintext. This is not ideal for what should be obvious reasons.

Attempting to access the forums via an HTTPS URL (e.g. https://forum.systemera.net/) redirects (301 Moved Permanently) to a site titled SwiftKey VIP at swiftkey.com.

I'm on https and it works for me

 

Share this post


Link to post
Share on other sites
32 minutes ago, 123hotdog1100 said:

I'm on https and it works for me

I forwarded this issue to the developers soon after this post was made and it was noticed immediately (security is important after all). Basically it's likely this is fixed now (the certificate was created today if you look at it's date) and all that's left is redirecting from HTTP to HTTPS by default. I'll make sure this gets a heads up, thanks!

Edited by Wyvyrias

Share this post


Link to post
Share on other sites
21 minutes ago, SES_Adam said:

I'll make sure that @RichardPsees this and gets the redirect to happen.

There are also some scripts not loading over the TLS

 

ss+(2016-12-18+at+04.57.09).png

Share this post


Link to post
Share on other sites

Great catch!

This also can be a good notice to everyone who is signing up and using these forums NOT to use the same password as your email or other personal accounts until HTTPS is implemented!

Share this post


Link to post
Share on other sites
On 12/20/2016 at 7:27 PM, Temper said:

Great catch!

This also can be a good notice to everyone who is signing up and using these forums NOT to use the same password as your email or other personal accounts until HTTPS is implemented!

Well, its preferred to NEVER use the same user/pass across multiple services, ever. Combo list attacks are a real thing, and get people in loads of trouble (especially when some forum account matches their paypal accounts!). So... do yourself a favor, make large and unique passwords on each new signup! If you have ownership of a domain and can make email aliases, then do make a new email for each signup as well to track spam, and access.

Share this post


Link to post
Share on other sites
3 hours ago, Ninetailed said:

I  don't think I can edit it. I don't see a control to do that anywhere.

Just report your first post, and request they edit the title with [RESOLVED]. Reporting yourself wont hurt ;) I do it a lot!

Share this post


Link to post
Share on other sites

I added the [Resolved] tag.
I'll leave this topic open in case you notice some issue with the HTTPS in the future.

Share this post


Link to post
Share on other sites
18 minutes ago, Frigidman said:

Just report your first post, and request they edit the title with [RESOLVED]. Reporting yourself wont hurt ;) I do it a lot!

Thanks for the tip! I'll do that in future.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now