TRUCK NINJA BREAD Posted August 7, 2016 Share Posted August 7, 2016 Hi, The website, the login and sending data is NOT encrypted. Even the Register page is NOT encrypted. The only thing that's encrypted is the forums. My only question is why and what's the reason as it's potentially dangerous leaving your website exposed like this. You could get free SSL certifications from Comodo or Let's Encrypt. https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-certificate.php https://letsencrypt.org/ My advice is to encrypt your traffic as soon as possible and not leaving things exposed as they are now. Please learn from your lessons, like the last time you had a breach. Thanks. Link to comment Share on other sites More sharing options...
Guest Posted August 7, 2016 Share Posted August 7, 2016 Had you bothered searching you would have found threads covering both the breach and how that happened, and if you truly cared, you would know that MITM attacks are extremely rare(all practical en-mass examples we've seen so far has been local attacks, where you'd be pwned regardless). To cover why it's not running fully https yet is a technical one where certain plans that was later removed hampered the ability to provide a reliable service. Deployment of full end-to-end SSL (that is external and internal traffic) is planned, but things like this takes a bit more time to deploy when you got more users, because you have to look into how it'll impact your user base and gather the numbers. From a purely op-sec standpoint, our site is not that valuable to MITM because you would need a user's steam account as well to get any use out of the account. And my final point: we're doing this as volunteers and have to split all our time on TruckersMP and other projects we care about, and the time we spend on TMP is then divided into Development and operational time, where we are currently in the middle of a infrastructure update which eats a lot of time and will let us do end to end ssl. Link to comment Share on other sites More sharing options...
TRUCK NINJA BREAD Posted August 7, 2016 Author Share Posted August 7, 2016 ^ What has that image to do with? I didnt go into details about the breach. Fact there was one. The only reason i brought up is that i feel the things so far is not good enough. Now back to the original point of the thread is to encrypt your data -> It should have been the top priority. In my opinion it feels like a lazy job. Not going in details what's possible without SSL. I am sure you know. Not trying to flame here and I can imagine the amount of work people -volunteer- or not are being put up. But that's no excuse to leave work laying such as important ones as end to end encryption leaving behind. But thanks for your explaination. I really appreciate it, no hard feelings. Link to comment Share on other sites More sharing options...
Guest Posted August 7, 2016 Share Posted August 7, 2016 the image is because you just made the nth post about the same thing that I've had to explain multiple times already, which you could have found by searching the forums, and don't you come here calling it a lazy job if you don't know how much work we are doing here Link to comment Share on other sites More sharing options...
the bored hermit Posted August 7, 2016 Share Posted August 7, 2016 thats your opinion I can assure you that the decs and everyone else part of the staff works there hardest to get everything done in no way are they lazy some people think it ain't hard I got news it's a big thing being a developer Link to comment Share on other sites More sharing options...
TRUCK NINJA BREAD Posted August 7, 2016 Author Share Posted August 7, 2016 1 minute ago, Tuxy Fluffyclaws said: the image is because you just made the nth post about the same thing that I've had to explain multiple times already, which you could have found by searching the forums, and don't you come here calling it a lazy job if you don't know how much work we are doing here Look i am not trying to flame here, but i feel the priority is too low on that one. Apologies if it came over in a wrong way. I don't criticize the work, i criticize the current priority on a fairly important thing. Big difference. Link to comment Share on other sites More sharing options...
TRUCK NINJA BREAD Posted August 7, 2016 Author Share Posted August 7, 2016 6 minutes ago, the bored hermit said: thats your opinion I can assure you that the decs and everyone else part of the staff works there hardest to get everything done in no way are they lazy some people think it ain't hard I got news it's a big thing being a developer But i guess the thread is not going anywere as our opinions regarding this subject disagree. Fair enough. Thanks anyway. It can be closed if neccessary. Link to comment Share on other sites More sharing options...
Guest Posted August 7, 2016 Share Posted August 7, 2016 14 minutes ago, TRUCK NINJA BREAD said: Look i am not trying to flame here, but i feel the priority is too low on that one It's on our highest priority, but if you bothered reading what I wrote, you'd see that it's not as simple as you think it is, because we're not a tiny project like your little hobby website. Link to comment Share on other sites More sharing options...
Web Developer Kid Fabi Posted August 7, 2022 Web Developer Share Posted August 7, 2022 Archived as we already have the needed encryption. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.