Forums

Forums are not HTTPS

Quick find code: 278-279-896-66059593

of 5
BowAndARose
Apr Member 2018

BowAndARose

Posts: 743Steel Posts by user Forum Profile RuneMetrics Profile
I just noticed while browsing the forums that they are not HTTPS. For a game developer that takes steps to ensure player account safety I find it odd that the forums are not a secure domain.

12-Nov-2018 07:48:24

Archaeox
Dec Gold Premier Club Member 2011

Archaeox

Posts: 46,317Sapphire Posts by user Forum Profile RuneMetrics Profile
Mod Allstar said:
As Supper Man40 quoted

Original message details are unavailable.
Yes, we want to make the site HTTPS and of course we take security seriously, we haven't yet however had the opportunity to push this site-wide.

Anything we develop in the future will be (where is technically possible due to integration with old systems) created with HTTPS in mind.

We've already begun this process with our pages such as Eastern Lands and RuneMetrics


This still continues to be the case :)

~~~~ Just another victim of the ambient morality ~~~~
~~ Founder of the Caped Carousers quest cape clan ~~

12-Nov-2018 09:13:28

Louiellen

Louiellen

Forum Moderator Posts: 50,866Emerald Posts by user Forum Profile RuneMetrics Profile
As Google Chrome is the browser of choice for the majority of Internet users, Google is a very influential name with shaping the future of browsers in general. They throw their weight around, pressuring web developers to comply. All non-encrypted webpages are categorized by Chrome as "not secure".

It does not mean that the user will get hacked, it just meant that the exchange of data from the user to the webserver and back is not encrypted. Here in Runescape, pages for RSOF are http only, hence the Chrome warning. I've warned Jagex about this issue early on, as Google made a public announcement about it a year prior to the implementation.

12-Nov-2018 11:47:23

Chee
Jul Member 2016

Chee

Posts: 1,215Mithril Posts by user Forum Profile RuneMetrics Profile
idk what that means but I assume it has to do with this?



I saw the red alert triangle which is why I came here

so why can't it be fixed exactly?

also the eastern lands link redirects me to the front page and the metrics link is broken
@Chee__RS
Maxed
Ironwoman

Maxed on January 28th 2018 at 12:52 AM

12-Nov-2018 16:54:10 - Last edited on 12-Nov-2018 16:55:09 by Chee

Spearmint30
Apr Gold Premier Club Member 2012

Spearmint30

Posts: 17,449Opal Posts by user Forum Profile RuneMetrics Profile
Chee said:
idk what that means but I assume it has to do with this?
You'll see this while browsing the forums and..Chee said:
.. this when you begin to enter information into a form (such as a reply or a new thread).Chee said:
so why can't it be fixed exactly?
It's not that it can't be fixed, but it's a process that each module of the site is going through being changed in stages. Anything new on the site goes up with HTTPS, but the older stuff needs to be migrated over. The forums haven't been gotten to yet.

As mentioned already, there's no danger with the forums being insecure as anything we enter is posted publically anyway and the login is secured so there's no need for urgency with this.
Spearmint30
|
Taking a long walk on the beach.

12-Nov-2018 17:21:22

Louiellen

Louiellen

Forum Moderator Posts: 50,866Emerald Posts by user Forum Profile RuneMetrics Profile
Chee said:
idk what that means but I assume it has to do with this?



I saw the red alert triangle which is why I came here

so why can't it be fixed exactly?

also the eastern lands link redirects me to the front page and the metrics link is broken


From our end as forumers, we cannot do anything. The solution is at Jagex's end, when they finally implement https everywhere for the whole runescape.com domain, not just the login page.

The bottom line, all are ok: you won't get hacked just for being here in RSOF.

But as a good Internet citizen, Jagex has to bite the bullet to implement https everywhere like what Google, Mozilla and Microsoft are demanding web developers to do.

13-Nov-2018 10:22:15

Southeaster
Nov Gold Premier Club Member 2014

Southeaster

Posts: 14,777Opal Posts by user Forum Profile RuneMetrics Profile
Archaeox said:
Mod Allstar said:
As Supper Man40 quoted

Original message details are unavailable.
Yes, we want to make the site HTTPS and of course we take security seriously, we haven't yet however had the opportunity to push this site-wide.

Anything we develop in the future will be (where is technically possible due to integration with old systems) created with HTTPS in mind.

We've already begun this process with our pages such as Eastern Lands and RuneMetrics


This still continues to be the case :)

This post was back in January. What's taking the web team so long?
whoever is humming the jaws theme is gonna get slapped

13-Nov-2018 14:22:45

Mod Lyon

Mod Lyon

Jagex Moderator Forum Profile Posts by user
Southeaster said:
Archaeox said:
Mod Allstar said:
As Supper Man40 quoted

Original message details are unavailable.
Yes, we want to make the site HTTPS and of course we take security seriously, we haven't yet however had the opportunity to push this site-wide.

Anything we develop in the future will be (where is technically possible due to integration with old systems) created with HTTPS in mind.

We've already begun this process with our pages such as Eastern Lands and RuneMetrics


This still continues to be the case :)

This post was back in January. What's taking the web team so long?


We've been working on other things. This was never the only thing we are working on. That continues, but as we update the website we'll be moving it to HTTPS. Anything critical has been moved already.
Jagex Web Team

Twitter - @JagexLyon

13-Nov-2018 14:34:40 - Last edited on 14-Nov-2018 14:43:35 by Mod Lyon

Southeaster
Nov Gold Premier Club Member 2014

Southeaster

Posts: 14,777Opal Posts by user Forum Profile RuneMetrics Profile
Mod Lyon said:
Southeaster said:

This post was back in January. What's taking the web team so long?


We've been working on other things. This was and continues to not be the only thing we are working on.
:|
whoever is humming the jaws theme is gonna get slapped

14-Nov-2018 03:13:57

Immortalized
Mar Member 2006

Immortalized

Posts: 32,664Sapphire Posts by user Forum Profile RuneMetrics Profile
this is a simple nginx rule for a quick temp fix, pretty surprised nothings happened yet

fyi while you may think http is not dangerous I am personally accessing the forums via a country where it is commonplace to inject scripts into unencrypted pages. so yes encryption is very desired for me
@@@ @@@
^^^ click this ^^^
^^^^^ important ^^^^^


bring back the lumbridge pig pit

25-Nov-2018 18:34:56

Quick find code: 278-279-896-66059593Back to Top