Not sure where else to place this (not really a 'bug' or anything, move it if it's in the wrong spot), but the user login requests should be SSL encrypted. Right now the user and password for someone are sent cleartext when logging in. Since accounts will essentially be worth money after launch, it would probably be a good idea to make sure people can't steal passwords. (Yes you have to be able to sniff the network traffic but that's pretty trivial via any public wifi or for anyone who owns the routers/network someone is using to play on.) Doing the same to the requests with the auth tokens (including the store requests) would probably also be a good idea...
0
Secure the login requests
Started by
Ashfire908
, Nov 29 2012 01:01 PM
No replies to this topic
#1
Posted November 29 2012 - 01:01 PM
Developer of ScrimBot and the canceled Hawken leaderboards
Come join the Hawken IRC Channel and chat about Hawken: #hawkenscrim on irc.quakenet.net
Yes, I am a wizard - There is no cupcake conspiracy
Come join the Hawken IRC Channel and chat about Hawken: #hawkenscrim on irc.quakenet.net
Yes, I am a wizard - There is no cupcake conspiracy
[03:18:55 pm] <-- ^-^ (webchat@[ip removed]) has quit (Quit: Later All! Also pls ban Kindos7)
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users