SSL/TLS


Luca vom Bruch

  • 3 weeks later...
Marcel Semelka

Yep, me being an IT administrator I have to agree, especially if you now tell your customers to put their order number, serial number, real name etc. into their forum profiles.

Even if your data gets stored encrypted in a database (which I really hope it does), the transport of the data is currently not. And with valuable customer data like this, HTTPS should not only be used, but is necessary!

It really is a standard nowadays to provide HTTPS, with encryption becoming more and more important.

You should protect the data of your customers against any type of malicious attacks, like you are protecting your software against piracy.

Let's Encrypt for example is a free solution for that, but it needs renewal every 3 months (which can be automated on the webserver with a script/cronjob).

Usually companies own a wildcard certificate for their domain; cheap solutions for that start at about 100-150 $ a year (like AlphaSSL, I just bought a 3-year valid one there a couple of days ago for the company whose IT I'm managing).

A wildcard certificate has the advantage that it allows all of your subdomains to be encrypted by the same certificate.

For example you get a wildcard certificate for *.flightsimlabs.com, that would allow you to encrypt forums.flightsimlabs.com, support.flightsimlabs.com, redownload.flightsimlabs.com (which is also unencrypted at the moment) etc. with only one certificate.

Just my 2 cents ;)

  • Like 5
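The wildcard coverage described in the post above, as an added example that is not part of the original post: a small Python check of which hostnames a certificate's DNS names cover under the strict matching rules modern clients apply (a wildcard is the whole left-most label and stands for exactly one label). The first three hostnames come from the post; the apex and the nested `staging.forums` name are constructed for illustration.

```python
# Added example (not from the thread): which hosts a certificate's DNS names cover.

def name_matches(pattern: str, hostname: str) -> bool:
    """True if the certificate DNS name `pattern` covers `hostname`."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p) != len(h) or "" in h or any("*" in label for label in h):
        return False
    # A wildcard is only honoured in the left-most label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard, so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as "f*.example.com" are rejected
    return p == h


def uncovered(cert_names, hostnames):
    """Hostnames that none of the certificate's names cover."""
    return [host for host in hostnames
            if not any(name_matches(name, host) for name in cert_names)]


# First three hosts are named in the post; the last two are constructed
# (the apex domain and a hypothetical nested subdomain).
HOSTS = [
    "forums.flightsimlabs.com",
    "support.flightsimlabs.com",
    "redownload.flightsimlabs.com",
    "flightsimlabs.com",
    "staging.forums.flightsimlabs.com",
]

if __name__ == "__main__":
    for names in (["*.flightsimlabs.com"],
                  ["*.flightsimlabs.com", "flightsimlabs.com"]):
        print(names, "->", uncovered(names, HOSTS) or "all covered")
```

The wildcard alone leaves the bare domain and anything two levels deep uncovered, which is why wildcard certificates are normally issued with the apex name listed as well.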
Chirag Geiantilal

Something like 2 factor auth would be good also, in resume we have our A320-X key here, with 2 factor auth it would be more secure, if someone tries to log in to the account.

  • Like 1
Jonathan Fong
11 minutes ago, Chirag Geiantilal said:

Something like 2 factor auth would be good also, in resume we have our A320-X key here, with 2 factor auth it would be more secure, if someone tries to log in to the account.

I agree - the way it is now, if malicious individuals (e.g. hackers) get the passwords of forum members, they essentially have free serials for the A320X. They would still need the order number, though, but I don't feel very comfortable with my serial number being shown regardless...

  • Like 1
Karl Brooker

Gents,

HTTPS is on the roadmap, so that's coming.
2FA will be discussed in the future, and we understand your concerns as to why you'd want it :) 

  • Like 3
Jonathan Fong
On 3/17/2017 at 11:16 PM, Karl Brooker said:

Gents,

HTTPS is on the roadmap, so that's coming.
2FA will be discussed in the future, and we understand your concerns as to why you'd want it :) 

Excellent! Any chance of an ETA, or is it just going to be soon(tm) for now? I think us users would all very much appreciate it if it were bumped up to ASAP, now that we have to put our purchase data onto the forums...

  • Like 1
  • 3 weeks later...
  • 5 months later...
Lefteris Kalamaras
On 3/17/2017 at 3:44 PM, Chirag Geiantilal said:

Something like 2 factor auth would be good also, in resume we have our A320-X key here, with 2 factor auth it would be more secure, if someone tries to log in to the account.

Your key is not visible even to administrators in here as it's blanked out. As such, you don't need to worry about it at all.

  • Like 2
