Forgot password?
login to RetroAchievements:
User: 
Pass: 

Please enable HTTPS

AuthorMessage

jippen
Posted: 06 Dec, 2017 11:25
Last Edit: 06 Dec, 2017 16:13
So, its 2017, this site has a forum login with user passwords, and no https? This is silly - its free and easy to set up these days.

For the security of all your users, I recommend setting up certbot and running the website in https-only mode. To set up your server, please see this guide from the EFF: https://certbot.eff.org/#centosrhel7-apache

At this point, you should also set the Secure flag (and probably HTTPOnly as well) on the RA_Cookie session cookie.

ZeroLifex00
Posted: 11 Jan, 2018 10:18
Last Edit: 11 Jan, 2018 11:00
I second this. It should be high on the list of priorities. Can't believe nobody has replied/supported.

GAMERJET
Posted: 31 Jan, 2018 22:49
I'm all for more security.

ZeroLifex00
Posted: 12 Feb, 2018 09:47
Chrome is soon going to mark non-HTTPS sites insecure starting July 2018. So they're helping sites upgrade to HTTPS. It's all here and looks pretty simple tbh: https://blog.chromium.org/2018/02/a-secure-web-is-here-to-stay.html

frost
Posted: 20 Mar, 2018 15:30
Last Edit: 20 Mar, 2018 18:17
This is really simple now. It's all automated and free with LetsEncrypt.

login

login to RetroAchievements:
User: 
Pass: 
or create a new account