Forums

Forums are not HTTPS

Quick find code: 278-279-896-66059593

Immortalized

Immortalized

Posts: 32,823Sapphire Posts by user Forum Profile RuneMetrics Profile
this is a simple nginx rule for a quick temp fix, pretty surprised nothings happened yet

fyi while you may think http is not dangerous I am personally accessing the forums via a country where it is commonplace to inject scripts into unencrypted pages. so yes encryption is very desired for me
bring back the lumbridge pig pit

25-Nov-2018 18:34:56

Immortalized

Immortalized

Posts: 32,823Sapphire Posts by user Forum Profile RuneMetrics Profile
that is simply not true. any site that is not served by HTTPS is unencrypted and prone to a man-in-the-middle attack. which happened plenty to me while I was in china. it is incredibly shocking the forums are not HTTPS already.

it says Not secure for a reason. anyone serving you this web page can edit the contents of it, put in a script that makes you post whatever they want, read your traffic, inject the page with ads, etc. maybe you live in an area that is fortunate enough to not do these things but the fact is that not using HTTPS leaves these forums vulnerable to people who do, and many of us have played in areas where they indeed do
bring back the lumbridge pig pit

25-Dec-2018 16:32:32

Immortalized

Immortalized

Posts: 32,823Sapphire Posts by user Forum Profile RuneMetrics Profile
I have not lost my account clearly, nor would I since the login page is HTTPS. but I am forced to put my forum status at risk here as a suitable aggressor could indeed hijack my online presence if they so desired. I don't think we should be doing reactionary policies but rather be proactive in preventing them. had my session been hijacked on the forum and someone else acting on behalf of this account none of you would believe me nor would anyone be able to help, so it is kind of moot to fixate on the fact that it hasn't happened yet, and jagex should be much more proactive in ensuring it does NOT happen. bring back the lumbridge pig pit

25-Dec-2018 18:51:52

Immortalized

Immortalized

Posts: 32,823Sapphire Posts by user Forum Profile RuneMetrics Profile
offering this thread a friendly bump, 7 months have passed and the forums are still not secure

I say this after visiting china a 3rd time, a country where it is very typical for advertisers to inject content into the webpage and have the capability of performing a man-in-the-middle attack (e.g. posting on your behalf, spamming adverts on the forums as YOU, etc)

there really is no excuse that in middle of 2019 runescape, a site I have visited since 2001 does not have https on a front where users are expected to interact, especially if certain interactions can result in infractions on the account holder.

we are all basically at risk here until jagex fixes the issue and it is at jagex's discretion whether or not we are punished for something that is ultimately not our fault.
bring back the lumbridge pig pit

12-Jul-2019 08:10:11

Quick find code: 278-279-896-66059593Back to Top