[Login] Automatically use HTTPS on Login

Suggestions that have made it through the grind, and have become integrated into the site!

Moderators: Suggestions Team, Global Moderators

[Login] Automatically use HTTPS on Login

Postby bedub1 on Fri Jan 28, 2011 10:36 pm

Concise description:
  • Change the login page from using the insecure/unencrypted HTTP to using the secure/encrypted HTTPS

Specifics/Details:
  • HTTPS is already setup, so it should be very easy.
  • Create a redirect so if a user tries to visit http://www.conquerclub.com they are redirected to https://www.conquerclub.com
  • After logging in the user using https, redirect the user back to http for playing games, forum, chat etc

How this will benefit the site and/or other comments:
  • Users at a public insecure hotspot will have their password encrypted
  • Users at work won't have their passwords sniffed by their system administrators
  • Users without encryption on their home wifi won't have their passwords sniffed by their neighbors
  • CC won't be liable for users passwords being hacked
  • CC will be recognized as a forward thinking and user friendly website, working hard to protect it's users. Instead of a website that just really doesn't give a shit.
  • SirSebstar won't have to manually change from HTTP to HTTPS to play games while at work
  • sam-c812 wouldn't be reported for cheating
  • You don't have to worry about your ISP stealing your password
  • You don't have to worry about your government stealing your password
  • You don't have to worry about the Tunisian government stealing your password
  • I'll stop bitching about it
  • I'll change my signature

Supporters:
  • bedub1
  • Mr_Adams
  • rdsrds2120
  • SirSebstar
  • stahrgazer
  • InsomniaRed
  • Woodruff "Encryption is pointless?" <- I take this to mean he supports it.
  • Metsfanmax
  • basic_man2010_20<- doesn't specify this is a good idea...but keeps trying to get CC to be more secure
  • chipv
  • jakewilliams
  • Darwins_Bane23:03:23 ‹Darwins_Bane› i really would like to see just the login screen run the extra ssl socket

People that seem to thing encryption/security is silly:

  • blakebowling

If I have you on the wrong list please let me know.
Last edited by bedub1 on Fri Mar 11, 2011 2:05 am, edited 9 times in total.
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby Mr_Adams on Wed Feb 02, 2011 11:37 pm

Good point. And if we are going for security, shouldn't the whole website be in HTTPS, since you can buy premium membership and other such internet transactions?
I am voting Republican now. The Democrats left a bad taste in my mouth -Monica Lewinski
User avatar
Lieutenant Mr_Adams
 
Posts: 1932
Joined: Fri Jul 13, 2007 8:33 pm
Medals: 49
Standard Achievement (4) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (2) Terminator Achievement (2)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (4) Nuclear Spoils Achievement (1) Fog of War Achievement (4)
Speed Achievement (2) Teammate Achievement (1) Random Map Achievement (2) Cross-Map Achievement (3) Ratings Achievement (3)
Tournament Achievement (1) General Achievement (1) Clan Achievement (8) Tournament Contribution (5)

Re: Turn HTTP into HTTPS on login

Postby Darwins_Bane on Thu Feb 03, 2011 1:06 am

Although I understand where you're coming from, this is a gaming website, there is little to no likelyhood that someone is going to try to steal your password to it. There just really isn't any point. On the point of transactions on the website, you will notice that when you try and pay, it redirects to https for security reasons during the transaction.
high score : 2294
02:59:29 ‹Khan22› wouldn't you love to have like 5 or 6 girls all giving you attention?
10/11/2010 02:59:39 ‹TheForgivenOne› No.
Corporal Darwins_Bane
 
Posts: 990
Joined: Tue Mar 04, 2008 7:09 pm
Location: Ottawa, Ontario
Medals: 33
Standard Achievement (3) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (3) Manual Troops Achievement (3) Freestyle Achievement (3) Nuclear Spoils Achievement (2) Fog of War Achievement (3)
Speed Achievement (3) Teammate Achievement (1) Cross-Map Achievement (1) Ratings Achievement (1) General Achievement (1)
General Contribution (4)

Re: Turn HTTP into HTTPS on login

Postby tkr4lf on Thu Feb 03, 2011 1:14 am

I highly doubt this is related to this suggestion, but the other day I was playing and all of a sudden it switched to HTTPS for some odd reason in the middle of doing something. Then, for some reason, every time I refreshed the page/went to a new page, a pop up occured that asked me if I wanted to view all information on page or just the information that was secure, and it was very annoying having to click "yes" or "no" everytime. Again, doubt this is related, and it went away when I exited the site and came back, but still something to consider.
User avatar
Major tkr4lf
 
Posts: 1368
Joined: Thu Nov 06, 2008 11:35 am
Location: Austin, TX
Medals: 63
Standard Achievement (3) Doubles Achievement (3) Triples Achievement (3) Quadruples Achievement (3) Terminator Achievement (1)
Manual Troops Achievement (1) Nuclear Spoils Achievement (1) Fog of War Achievement (4) Trench Warfare Achievement (1) Speed Achievement (2)
Teammate Achievement (2) Random Map Achievement (2) Cross-Map Achievement (3) Ratings Achievement (4) Tournament Achievement (4)
General Achievement (1) Clan Achievement (11) Tournament Contribution (14)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Fri Feb 04, 2011 1:27 am

You can lead a horse to water, but you can't make it drink
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby SirSebstar on Fri Feb 04, 2011 6:49 am

Darwins_Bane wrote:Although I understand where you're coming from, this is a gaming website, there is little to no likelyhood that someone is going to try to steal your password to it. There just really isn't any point. On the point of transactions on the website, you will notice that when you try and pay, it redirects to
https for security reasons during the transaction.


Actually there is another issue involved. i am currently working in an environment that does not allow me to game on cc during my break. I can only acces the forums because i add the s to http manually. It does work, but i cannot play my games that way unless i can play them in https. it gets blocked by the firewall.

So please introduce this.
regards,
SirSebstar
Image
User avatar
Major SirSebstar
 
Posts: 7329
Joined: Fri Oct 27, 2006 7:51 am
Location: SirSebstar is BACK. Highscore: Colonel Score: 2919 21/03/2011
Medals: 95
Standard Achievement (4) Doubles Achievement (2) Triples Achievement (2) Quadruples Achievement (2) Terminator Achievement (3)
Assassin Achievement (3) Manual Troops Achievement (3) Freestyle Achievement (1) Nuclear Spoils Achievement (3) Fog of War Achievement (4)
Speed Achievement (3) Teammate Achievement (2) Random Map Achievement (2) Cross-Map Achievement (3) Ratings Achievement (4)
Tournament Achievement (23) General Achievement (6) Clan Achievement (9) Training Achievement (1) Tournament Contribution (4)
General Contribution (11)

Re: Turn HTTP into HTTPS on login

Postby rdsrds2120 on Fri Feb 04, 2011 7:13 pm

I think this is one of those ideas that just seems undebatable. No matter which way you cut it, isn't https all around better than normal http for security?

-rd
Image
User avatar
Corporal 1st Class rdsrds2120
Retired Administrator
 
Posts: 7220
Joined: Fri Jul 03, 2009 3:42 am
Medals: 90
Conquer Cup Bronze Achievement (1) Standard Achievement (4) Doubles Achievement (3) Triples Achievement (3) Quadruples Achievement (3)
Terminator Achievement (3) Assassin Achievement (3) Manual Troops Achievement (4) Freestyle Achievement (4) Nuclear Spoils Achievement (3)
Fog of War Achievement (4) Trench Warfare Achievement (2) Speed Achievement (4) Teammate Achievement (2) Random Map Achievement (2)
Cross-Map Achievement (3) Battle Royale Achievement (3) Ratings Achievement (3) Tournament Achievement (4) General Achievement (9)
Clan Achievement (7) Training Achievement (3) Tournament Contribution (4) General Contribution (9)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Sat Feb 05, 2011 1:43 pm

rdsrds2120 wrote:I think this is one of those ideas that just seems undebatable. No matter which way you cut it, isn't https all around better than normal http for security?

-rd

=D> =D> =D> =D> =D> =D> =D> =D> =D> =D>

I wasn't sure how to respond to somebody who said "egh...we don't' need that" without it turning into a flame....
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby blakebowling on Sun Feb 06, 2011 12:27 pm

The reason secure isn't used on all pages. Its slower than regular http. If you would like to use it. Simply go to https://conquerclub.com/ and browse around. Also, as someone said before, some elements, such as the static images, xml files, style sheets and such; would make no sense as they never change.

Regardless of my rant.
Login on https = not a horrible idea.
Whole site on https = redundant.
12:39:59 AM rdsrds2120: sorry, I had a lot of lasagna tonight
12:40:06 AM rdsrds2120: I'm pretty out of it. CRAAZZYYY NIGHT
12:31:04 * Metsfanmax quit (kicked from Social by Metsfanmax - reason: haha gotcha now)
12:59:32 * #1_stunna gropes blakebowling
Cadet blakebowling
Operations Manager
Operations Manager
 
Posts: 4997
Joined: Wed Jan 23, 2008 12:09 pm
Location: 127.0.0.1
Medals: 41
Standard Achievement (3) Doubles Achievement (1) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (2) Manual Troops Achievement (1) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (3)
Teammate Achievement (1) Random Map Achievement (1) Ratings Achievement (3) Tournament Achievement (1) General Achievement (3)
Tournament Contribution (3) General Contribution (10)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Sun Feb 06, 2011 2:31 pm

blakebowling wrote:The reason secure isn't used on all pages. Its slower than regular http. If you would like to use it. Simply go to https://conquerclub.com/ and browse around. Also, as someone said before, some elements, such as the static images, xml files, style sheets and such; would make no sense as they never change.

Regardless of my rant.
Login on https = not a horrible idea.
Whole site on https = redundant.

Can we change it to:

Login on https = fantastic idea
Whole site on https = waste of bandwidth
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby basic_man2010_20 on Sun Feb 06, 2011 4:04 pm

well actually you say that its a gamine website noone will do it.... ummm yah how bout this there arte hackers that hackj games just to f*ck around with people..... mafia (mmropg) games get hacked all the time, I am preaty sure that this site is probley realy extreamlyeasy to hack
Cook basic_man2010_20
 
Posts: 469
Joined: Sun Sep 05, 2010 11:26 am
Medals: 28
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (2)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (2)
Random Map Achievement (1) Cross-Map Achievement (1) Ratings Achievement (2) General Achievement (1) Tournament Contribution (4)

Re: Turn HTTP into HTTPS on login

Postby blakebowling on Mon Feb 07, 2011 4:12 pm

basic_man2010_20 wrote:well actually you say that its a gamine website noone will do it.... ummm yah how bout this there arte hackers that hackj games just to f*ck around with people..... mafia (mmropg) games get hacked all the time, I am preaty sure that this site is probley realy extreamlyeasy to hack

If I could read this, I might just have something to say about it.
12:39:59 AM rdsrds2120: sorry, I had a lot of lasagna tonight
12:40:06 AM rdsrds2120: I'm pretty out of it. CRAAZZYYY NIGHT
12:31:04 * Metsfanmax quit (kicked from Social by Metsfanmax - reason: haha gotcha now)
12:59:32 * #1_stunna gropes blakebowling
Cadet blakebowling
Operations Manager
Operations Manager
 
Posts: 4997
Joined: Wed Jan 23, 2008 12:09 pm
Location: 127.0.0.1
Medals: 41
Standard Achievement (3) Doubles Achievement (1) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (2) Manual Troops Achievement (1) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (3)
Teammate Achievement (1) Random Map Achievement (1) Ratings Achievement (3) Tournament Achievement (1) General Achievement (3)
Tournament Contribution (3) General Contribution (10)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Tue Feb 08, 2011 12:23 pm

blakebowling wrote:
basic_man2010_20 wrote:well actually you say that its a gamine website noone will do it.... ummm yah how bout this there arte hackers that hackj games just to f*ck around with people..... mafia (mmropg) games get hacked all the time, I am preaty sure that this site is probley realy extreamlyeasy to hack

If I could read this, I might just have something to say about it.

hey now...that's not very polite. Did you consider english might not be his primary language?

"Well actually you saying that this is a gaming website thus nobody will attack it...umm..yeah...how about there are hackers that attack games just to f*ck with people...mafia (mmporg) gaming websites get hacked all the time. I am pretty sure that this site is easy to hack."
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Tue Mar 01, 2011 10:52 pm

Bump.

Can we try and get this deployed? It's really easy and would be helpful, even if everybody doesn't understand why or agree. There really isn't a single downside to deploying this....only positives....
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login (poll created)

Postby InsomniaRed on Tue Mar 01, 2011 11:00 pm

YES! Aladdin! And yes to the login being changed to HTTPS, but not the whole site.
      I will always love you Nick, Forever.
Image
      I will always love you Nick, Forever.
User avatar
Major InsomniaRed
 
Posts: 2282
Joined: Sun Dec 30, 2007 2:58 am
Location: In Nick's heart
Medals: 60
Standard Achievement (3) Doubles Achievement (3) Triples Achievement (3) Quadruples Achievement (3) Terminator Achievement (2)
Assassin Achievement (2) Manual Troops Achievement (3) Freestyle Achievement (3) Nuclear Spoils Achievement (3) Fog of War Achievement (3)
Speed Achievement (3) Random Map Achievement (1) Cross-Map Achievement (3) Ratings Achievement (3) General Achievement (4)
Clan Achievement (3) Tournament Contribution (8) General Contribution (7)

Next

Return to Implemented Suggestions

Who is online

Users browsing this forum: No registered users and 1 guest

Login