Loading...

Forum index > General discussion >

HTTPS version of zero-k.info isn't default?

7 posts, 270 views

Post comment

Filter: Player:

sort
yanom 4 months ago So I just found out that this website supports HTTPS (https://zero-k.info/) and has for years. Why is it that putting zero-k.info in the browser bar automatically directs to the outdated HTTP version and not the HTTPS version? +1 / -0
izirayd 4 months ago For me it https +1 / -0
Galamesh 4 months ago Good observation. There is no redirect if just browsing to zero-k.info and the in game client links to forum and main site are http. From the lobby, clicking on a user and selecting user page sends to the user's page via https however, so not all in client links are http. +2 / -0
katastrophe 4 months ago (edited 4 months ago) It`s like this for years now. +1 / -0
Chesti 4 months ago yanom What would been the benefits of HTTPs here? Are you afraid someone middleattacks your elo? :-P +0 / -0
malric 4 months ago The problem is the login form. The login/password will be sent in clear. If people use the same password for multiple services (yes, they shouldn't but...) you got another way to leak the password. Not sure there is a reason for also having the http only, but without such reason (like old thing that access site and does not know https), having http redirect to https would be very good. +3 / -0
malric 4 months ago Ok, based on https://github.com/ZeroK-RTS/Chobby/commit/5b736bc861104bd536789244082f41e1aa34aedd at least on "old thing that access site" was the lobby. +0 / -0