Jump to content
Welcome to the virtual battlefield, Guest!

World War II Online is a Massively Multiplayer Online First Person Shooter based in Western Europe between 1939 and 1943. Through land, sea, and air combat using a ultra-realistic game engine, combined with a strategic layer, in the largest game world ever created - We offer the best WWII simulation experience around.

Sign InNEW? GET STARTED HERE

HTTPS for the forums/homepage

rote7

By rote7,
in TESTING AND BUG REPORTING

 Share

Recommended Posts

rote7

rote7

Posted
Posted

I am missing to possibility to use encrypted http to connect to the forums and the BGE homepage. We (have to) transmit sensitive login data to both pages. At least for the BGE homepage the login data is the same as ingame and can be used to snoop/change account details, cc numbers, make purchases etc. .

Especially when one has to connect from an untrusted environment (eg. public wlan) this will come in handy. Not everyone has his own VPN gateway to use.

Can we get a SSL Certificate for the forums and the BGE homepage? Thawte or verisign have resellers who sell certs at very reasonable prices.

Link to comment
Share on other sites
rote7

rote7

Posted
  • Author
Posted

Yes, they are. But the site logins for wwiionline.com and for the forums are not secured by https. As long as someone still can snoop userids and passwords from these connections it does not matter whether the account pages use enrypted connections or not.

Link to comment
Share on other sites
branko

branko

Posted
Posted

You could say the same of the sign-in to the game servers (via the game-client).

Technically there is no reason why this could not be done ... The certificate used for the Account Management Function/Pages should be able to be used to encrypt any pages in any of the sub-domains ...

However the account management system still operates in the "old" wwiionline domain (and this may be the reason that it does).

PM Bloo - In case the game-people do not pass on your message to him. That would at least get the ball rolling (or at least looked at).

Link to comment
Share on other sites
gigerman

gigerman

Posted
Posted

SSL is domain specific. If they are to secure a different domain, they will have to get a new SSL to cover it. Better choice is probably to get the account stuff under the same domain.

Link to comment
Share on other sites
lure

lure

Posted
Posted

PLaynet security tip: If you unsub right away after you buy 1/3/6months or whatever plan you choose your CC info is cleared so even is someone have your login info they can't buy anything and have to enter new CC info.

Link to comment
Share on other sites
rote7

rote7

Posted
  • Author
Posted
You could say the same of the sign-in to the game servers (via the game-client).

IIRC the install of BGE contains the OpenSSL library. Thats why I always assumed that the playnet.exe sends the credentials over an encrypted connection, will check that tomorrow at work.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...