Forums

Any updates on HTTPS?

Quick find code: 278-279-969-66099380

of 3
Mexk
Aug
fmod Gold Premier Club Member
2006

Mexk

Forum Moderator Posts: 19,213Opal Posts by user Forum Profile RuneMetrics Profile
Hi

Given that the last update which involved HTTPS was more than a year ago, do you have any updates on the situation in regards to adequately covering the rest of the website? I am honestly surprised it has been this long -- even for a feature prioritised as low (for reasons I am not sure) as I imagine this is. With reference to https://doesmysiteneedhttps.com/, it would be great to have something happening on this front soon. It is a handful of years overdue at this point ;).

Thanks!
¸,.•
Mexk
•.,¸

Stand up for what is right, even if you stand alone
¨`'°«„¸¸„»°'
.............................
'°«„¸¸„»°'´¨

07-May-2019 12:07:22 - Last edited on 07-May-2019 12:07:57 by Mexk

Louiellen

Louiellen

Forum Moderator Posts: 51,052Emerald Posts by user Forum Profile RuneMetrics Profile
With the way things are moving, web browser makers may soon auto-block all http-only websites, with users given the option to whitelist specific ones they wish. Is Jagex waiting for that, in order to be forced to make the whole Runescape.com domain https-everywhere?

I am personally not happy with the lack of urgency from Jagex's web development team when it comes to this issue. This is way way way overdue.

07-May-2019 12:17:27 - Last edited on 07-May-2019 12:18:33 by Louiellen

NexOrigin

NexOrigin

Posts: 1,320Mithril Posts by user Forum Profile RuneMetrics Profile
Again, for the nth time this discussion has come up... it's not needed.

The portions of the website which would facilitate a need for https are already under https. Making the entire website https for no reason serves absolutely no purpose, and is simply a waste of resources.

07-May-2019 12:37:03 - Last edited on 07-May-2019 12:38:33 by NexOrigin

Louiellen

Louiellen

Forum Moderator Posts: 51,052Emerald Posts by user Forum Profile RuneMetrics Profile
No waste of resources as even the lowest end smartphone can effortlessly open https website.

Besides, the pressure is not from Mexk and myself, Nexus. The pressure comes from browser makers: Google, Microsoft, Apple, Mozilla and the rest of the industry. We are moving to an age when the whole web needs to be encrypted. There is no longer alibi that a digital certificate is expensive, as there are free providers like https://letsencrypt.org/.

Jagex already uses a certificate, they just need to extend its use for the whole runescape.com domain. There is no additional cost of acquiring digital certificate, as they already have one.

07-May-2019 12:50:49

Mexk
Aug
fmod Gold Premier Club Member
2006

Mexk

Forum Moderator Posts: 19,213Opal Posts by user Forum Profile RuneMetrics Profile
Nex, please refer to the website I referenced in my OP.

There is simply no excuse for not having gotten this done already.
¸,.•
Mexk
•.,¸

Stand up for what is right, even if you stand alone
¨`'°«„¸¸„»°'
.............................
'°«„¸¸„»°'´¨

07-May-2019 13:00:51

YtHaar-Mej
Dec Gold Premier Club Member 2005

YtHaar-Mej

Posts: 22,945Opal Posts by user Forum Profile RuneMetrics Profile
Louiellen said:
No waste of resources as even the lowest end smartphone can effortlessly open https website.

Besides, the pressure is not from Mexk and myself, Nexus. The pressure comes from browser makers: Google, Microsoft, Apple, Mozilla and the rest of the industry. We are moving to an age when the whole web needs to be encrypted. There is no longer alibi that a digital certificate is expensive, as there are free providers like https://letsencrypt.org/.

Jagex already uses a certificate, they just need to extend its use for the whole runescape.com domain. There is no additional cost of acquiring digital certificate, as they already have one.

This.

I run a website for a non-profit organization, and we have to use letsencrypt to be able to use https for our sites since we cant really afford a proper https certificate...but we have it and I get the fun job of renewing every 3 months since it’s a necessity to have now-a-days (also just got our last google site off the classic page onto our hosting so they can use https too).

And since both the secure and services subdomain have https, the non ssl pages really need to be moved over now.
Can I turn in a paper without citing all sources?
"No."[1]
1. William Shakespeare, Hamlet, Act III, Scene 1, line 96.

07-May-2019 13:38:13

2_Tron

2_Tron

Posts: 18,495Opal Posts by user Forum Profile RuneMetrics Profile
Mexk said:
Hi

Given that the last update which involved HTTPS was more than a year ago, do you have any updates on the situation in regards to adequately covering the rest of the website? I am honestly surprised it has been this long -- even for a feature prioritised as low (for reasons I am not sure) as I imagine this is. With reference to https://doesmysiteneedhttps.com/, it would be great to have something happening on this front soon. It is a handful of years overdue at this point ;).

Thanks!
I have a question, what extra security do I personally gain on top of what already has been offered by Jagex at the moment? I am curious what your offer does offer us players.

08-May-2019 10:51:26

2_Tron

2_Tron

Posts: 18,495Opal Posts by user Forum Profile RuneMetrics Profile
Chief Elf said:
2_Tron said:


Some basic reasons;

- it prevents certain ISPS from injecting their own scripts or ads
- complete encryption between you and the website
- https is SSL certified issued by a legit certificate authority to ensure that you are connected to the website which you've identified
Ever since I'd started to browse The Internet up to this day I've never ever witnessed anyone or anything injecting scripts into the webpages I'd visited / requested.

Adding ads? I don't want any ads whatsoever at all but as far as I understand https is to protect those ads that do come with a website thus only helping businesses advertising onto websites.

Care to elaborate ISPS? I am not certain what you mean with that.

Complete encryption between me and the website I am visiting is- and sounds nice but who does actually provide these encryption these days?

Quite frankly it doesn't protect me at all from attacks / abuse or any other criminal activity as it only confuses users thinking they are being safe on The Internet.

A total hoax ...

08-May-2019 13:10:09

Quick find code: 278-279-969-66099380Back to Top