• 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
HTTPS
#1
Is there a reason that the site does not use HTTPS? Looks to me like there's some valuable session information being sent un-encrypted over HTTP, specifically (but not limited to) the sid cookie that contains the information you need to steal a session.

I am most worried about the information leaked on rgl.gg. If an attacker managed to steal the cookies of a site admin (for example, using a promiscuous packet capture at a LAN, or malware), a lot of damage could be done.
-spyro
  Reply
#2
mothership just needs to set it up, we're hoping to use letsencrypt to do it instead of paying $20+/year for a simple cert
  Reply
#3
(12-05-2018, 05:07 PM)Aad | hl.rgl.gg Wrote: mothership just needs to set it up, we're hoping to use letsencrypt to do it instead of paying $20+/year for a simple cert

Good idea, thanks for the quick response.
-spyro
  Reply
#4
site's now https Big Grin
  Reply
#5
The forums have been updated with HTTPS; please let me know if you guys find any bugs or issues.
  Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)