use https for more security

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • use https for more security

      Hi,

      since GF seems to care a lil' bit more about the account-security [size=6][^1][/size] they should go a step further and use encrypted transmissions between the client and server.
      Some may remember man-in-the-middle-attacks at public hotspots against non-encrypted sides. This would (not only but mainly) important at the login.

      Pro: more security for the user

      Con: some more server-ressources are used (important esp. at high-load multispeed universes)
      gf have to pay for ssl-cert
      some really rare combinations might be locked out (maybe an option like IP-check to turn ssl off could be a solution)

      Even with all the negativ aspects i'd say that the improved security will worth the change and wouldn't wait until they hear about the first cracked accounts like Facebook or Twitter does.
    • Paying for SSL certs is the real killer for this idea.

      The way I see it, they have two options. Buy a cert for every server (terribly expensive) or encrypt logins to gameforge.com and force everyone to their games there.

      Encryption (which if they do it for just the login, this won't be as much of a problem) has another con that you didn't mention. If the entire game was encrypted it would drastically increase the load on the servers having to encrypt everyone's traffic instead of just sending it.
    • marshen wrote:

      you dont have to have a bought certificate. you can make your own even if its not trusted.
      Such thing from you? A normal user is unable to understand what the brwoser is telling him in such case and not disposed to set up a rule.

      A trusted certificate is valid only for the subdomain, so for each universe an other one is needed, so it's realy expensive.
    • 5vor12 wrote:

      Such thing from you? A normal user is unable to understand what the brwoser is telling him in such case and not disposed to set up a rule.


      see

      HelpLess wrote:

      [...]it should be no problem to use self signed certs. Experienced users know how the handle self signed certs and the security remark when you open the page trough https.


      like one of the previous posters told: could be optional and after account creation disabled.