Luca vom Bruch Posted February 28, 2017 Share Posted February 28, 2017 Just noticed, the website and the forums don't seem to support HTTPS. I think that should be standard. Let's Encrypt is free. 2 Quote Link to comment
Marcel Semelka Posted March 16, 2017 Share Posted March 16, 2017 Yep, me being an IT administrator I have to agree and especially if you tell your customers now to put their order Number, serial Number, real name etc. into their forum profiles. Even if your data gets stored encrypted in a database (which I really hope it does) the transport of the data is currently not. And with valueable customer data like this, HTTPS should not only be used, but is necessary! It really is a standard nowadays to provide HTTPS, with encryption becoming more and more important. You should protect the data of your customers against any type of malicious attacks, like you are protecting your software against piracy. LetsEncrypt for example is a free solution for that, but it needs renewal every 3 months (which can be automated on the webserver with a script/cronjob). Usually companies own a wildcard certificate for their domain, cheap solutions for that are starting at about 100-150 $ a year (like AlphaSSL, I just bought a 3-year valid one there a couple of days ago for the company whos IT I'm managing) A wildcard certificate has the advantage that is allows all of your subdomains to be encrypted by the same certifcate. For example you get a wildcard certificate for *.flightsimlabs.com, that would allow you to encrypt forums.flightsimlabs.com,support.flightsimlabs.com,redownload.flightsimlabs.com (which is also uncrypted at the moment) etc. with only one certificate. Just my 2 cents 5 Quote Link to comment
Chirag Geiantilal Posted March 17, 2017 Share Posted March 17, 2017 Something like 2 factor auth would be good also, in resume we have our A320-X key here, with 2 factor auth it would be more secure, if someone tries to login in account. 1 Quote Link to comment
Jonathan Fong Posted March 17, 2017 Share Posted March 17, 2017 11 minutes ago, Chirag Geiantilal said: Something like 2 factor auth would be good also, in resume we have our A320-X key here, with 2 factor auth it would be more secure, if someone tries to login in account. I agree - the way it is now, if malicious individuals (e.g. hackers) get the passwords of forum members, they essentially have free serials for the A320X. They would still need the order number, though, but I don't feel very comfortable with my serial number being shown regardless... 1 Quote Link to comment
Karl Brooker Posted March 17, 2017 Share Posted March 17, 2017 Gents, HTTPS is on the roadmap, so that's coming. 2FA will be discussed in the future, and we understand your concerns as to why you'd want it 3 Quote Link to comment
Jonathan Fong Posted March 19, 2017 Share Posted March 19, 2017 On 3/17/2017 at 11:16 PM, Karl Brooker said: Gents, HTTPS is on the roadmap, so that's coming. 2FA will be discussed in the future, and we understand your concerns as to why you'd want it Excellent! Any chance of an ETA, or is it just going to be soon(tm) for now? I think us users would all verymuch appreciate it if it were bumped up to ASAP, now that we have to put our purchase data onto the forums... 1 Quote Link to comment
Lefteris Kalamaras Posted April 4, 2017 Share Posted April 4, 2017 We just installed an SSL certificate for the forums, so you can use https://forums.flightsimlabs.com Feel free to try it and let us know how it works for you. EDIT: Fixed link. 2 Quote Link to comment
Ju_li_en Ke_ml_er Posted April 4, 2017 Share Posted April 4, 2017 the link adds a " . " after the .com after removing it it works fine. Quote Link to comment
Lefteris Kalamaras Posted April 4, 2017 Share Posted April 4, 2017 Thanks Julien, I fixed that link. Also- SSL should work for Support and Redownload as well. Quote Link to comment
Chirag Geiantilal Posted September 21, 2017 Share Posted September 21, 2017 Any news on 2FA? Quote Link to comment
Lefteris Kalamaras Posted September 21, 2017 Share Posted September 21, 2017 On 3/17/2017 at 3:44 PM, Chirag Geiantilal said: Something like 2 factor auth would be good also, in resume we have our A320-X key here, with 2 factor auth it would be more secure, if someone tries to login in account. Your key is not visible even to administrators in here as it's blanked out. As such, you don't need to worry about it at all. 2 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.