Cranktrain

Hi Spine team! Why do you only have your SSL certificate active on the Spine payment page, and on the Login/Register pages here on the forums? Just have it apply to every page! Then the browser won't do that red lock icon with the "this connection is insecure" message all the time.

My logged-in-as-user token gets sent in plain-text whenever I load a page here on the forum, which may as well be my password as far as phpbb3 is concerned. All the esotericsoftware.com https urls already get rewritten to http, so just reverse that and all is well. Probably worth doing!
Avatar utente
Cranktrain
  • Messaggi: 93

Nate

Aye, we've been meaning to do this for a while. Long ago it was better to avoid the overhead of HTTPS for pages that don't need it, which can make a difference for some users, such as those in China. Nowadays it's standard to use HTTPS for everything, we just haven't made the change yet. We do use HTTPS for the most important pages (payments, Spine license, etc).
Avatar utente
Nate

Nate
  • Messaggi: 11943


Torna a Off-topic