Topic

Non-secure connection to the website

I wonder why the connection to Glitch website is non-secure. Surely we as users will feel more comfortable passing our login credentials via a channel that is encrypted by a secure certificate. The developers can argue that Flash might not support the encrypted connection. But we still must be able to login the website  (before entering the game world) by using the secure connection and then switch to the non-secure port to make Flash happy if necessary.

Posted 18 months ago by Dengo Subscriber! | Permalink

Replies

  • Meh, it's just a game login, why does security matter? There is a secure bit (https) here: the payment section. For obvious reasons. But why would you want it for the whole site? 
    Posted 18 months ago by Hburger Subscriber! | Permalink
  • Hburger, I am surprised that you are not worried that your login credentials can be easily sniffed whilst on the way to the Glitch authentication server. I am sure you don't publish your credit card details on the notice board of your local supermarket. The login details are of the same nature. 

    Please point me at where I wanted it for the whole site. Sorry, I can't find it. I said that it would be good enough if only the authentication stage went through the secure port.
    Posted 18 months ago by Dengo Subscriber! | Permalink
  • eh
    "the connection to Glitch website is non-secure"
    "must be able to login the website"

    Whether you meant it that way or not, the sentence you wrote means the whole website, not just part of it.  If you only meant part of it, then you need to use adjectives that describe which part you mean.
    Posted 18 months ago by WindBorn Subscriber! | Permalink
  • My login details are very different from my credit card and other financial details. I use one email address and password for fun sites and general roaming about the net and a very different set of details for banking, shopping etc.
    The only time I was concerned about an overlap was on Faunasphere, because the login for the site also allowed purchases of bux and subscriptions. 
    I'm not fussed about security of logging in to glitch, so long as the subscriptions and credits purchases are secure. 
    Posted 18 months ago by Momo McGlitch Subscriber! | Permalink
  • WindBorn, I apologise if my message in its entirety didn't make much sense. I suggested that Flash might not like to work via an encrypted connection due to the traffic encryption can slow things down and other reasons, so I concluded that at least the authentication part could be encrypted.

    This could be similar to Gmail in its early years, where the user sent their login details via an encrypted connection, then was redirected to the standard port 80.
    Posted 18 months ago by Dengo Subscriber! | Permalink