No HTTPS?

[FallenSoldier]

Just wondering why there is no HTTPS connection on here. Any logins can be seen in plaintext. I was able to get my login credentials quite easily with wireshark (on my local network). I normally run a VPN, but thats only encrypted up until the VPN server. Any wire tapping close to the CF.net hosting server would be able to have a field day with getting login credentials.

 

[Knotical]

@Eora, Any word on this?

This could just be another bug from the recent migration.

Actually, I should be tagging Nick on this.

 

[WIP]

I think there are some remaining issues with regard to our security that still need to be worked out. I believe Nick is working on it.

 

[FallenSoldier]

Oops, didn't see this thread. Looks like Nick is in fact working on it. True, this site does not have any kind of sensitive data, but if someone was to get bored and grab admin account credentials and wreck havoc on the forums, it'd be a bit of a headache to fix the mess. As an example, I worked for a radio station once, and you'd think 'who in the world would hack a radio station?' Well believe it or not, it happens, which is why they wanted me to fix up their security. Forgive me if I sound pestering, I don't mean to. Just sharing my knowledge on the matter