Eternal Lands Official Forums
Esteria

TLS for both forums and server

RIP Learner. He ran this awesome TLS proxy for EL and it stopped working a short while ago. Is there any chance it will be resurrected by someone? Sharing my credentials with my network admins or ISP is not something I want. And yes, this risk is very real.

 

This also applies to this very website. I already get a big fat warning about the connection being unencrypted and that passwords will be exposed. When will this change? This is a really basic security measure that is lacking.

If you have any reasons against setting up HTTPS, check out https://doesmysiteneedhttps.com/


Absolutely 100% agree - in 2022, to have a website that is not https is ridiculous. Pretty much any decent hosting service will provide it for free. Sadly Radu does not seem to care about the website... even the shop page is way out of date and a total mess. As for the game - again it should be encrypted - and Learner proved that it is possible. The other advantage to this is that it gets rid of the insane solution that EL still uses port 2000 - a port that is often blocked by ISPs - when surely a change to pretty much any other port would be trivial.

 

That being said - I feel that you are being paranoid. So what if transmissions to EL website are unencrypted... hardly state secrets. Simply use a throwaway password for the site and you are fine. Never click through to the shop if you purchase things - simply go in from PayPal and you will be fine.

 

As for the in-game password - remember it is exactly that - a game. You say that you are concerned about your network admins / ISP accessing... if so then you may well have bigger problems than just a game.

Quote

I feel that you are being paranoid

 

Yes, I very much am lol. I am a certified sysadmin and care a LOT about security, I even sandboxed the client with firejail and made custom netfilter rules for it. I know it is just a game but there is still a significant risk. This is not just about passwords, this is also about chat being exposed and much more. All the risks that come with a plaintext connection, as you know.

 

Quote

You say that you are concerned about your network admins / ISP accessing

 

This is fully transparent. There is absolutely no way to notice logging, which made this treacherous. This problem has mostly been eliminated thanks to https and other encrypted protocols. Yet this still has to be considered as a MITM can be present everywhere and you would not even notice. Defense in depth!


OMG - guess what - EL forums are now https :)

 

Intrigued by a 3 month validity - but many thanks to whoever waved their magic wand.

 


I heard something about Let's Encrypt, and they issue certificates valid for 90 days (but renewal can be automated).


The setup can still be improved, especially because of http-only redirects and loading of media over http and not https. This is definitely better than before but there are still some warnings. The mixed-content one I just mentioned would be the most important one to resolve.

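The mixed-content warnings mentioned in the last post appear when a page served over HTTPS still references http:// sub-resources. As an added example (not part of the thread and not code from the forum or its software), this Python sketch lists such references in a saved page and separates active loads, which browsers block, from passive ones; the sample HTML and the forum.example host are constructed, and the kind labels are this example's own.

```python
from html.parser import HTMLParser

# Elements whose http:// loads browsers treat as passive mixed content
# (warned about or auto-upgraded); other sub-resource loads are active (blocked).
PASSIVE = {"img", "audio", "video", "source"}
# (tag, attribute) pairs that fetch a sub-resource.
LOADERS = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src"),
           ("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}

# Constructed sample: a page served over HTTPS that still references http:// URLs.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://forum.example/style.css">
<script src="https://forum.example/app.js"></script>
</head><body>
<img src="http://forum.example/avatar.png">
<a href="http://forum.example/old-thread">old link</a>
<form action="http://forum.example/login" method="post"></form>
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rel = (attrs.get("rel") or "").lower()
        for name, value in attrs.items():
            url = (value or "").strip()
            if not url.lower().startswith("http://"):
                continue
            if (tag, name) in LOADERS:
                kind = "passive" if tag in PASSIVE else "active"
            elif (tag, name) == ("link", "href") and "stylesheet" in rel:
                kind = "active"
            elif (tag, name) == ("form", "action"):
                kind = "insecure-form"  # credentials would be posted in cleartext
            else:
                continue  # e.g. <a href>: plain navigation, not a sub-resource
            self.findings.append((self.getpos()[0], kind, tag, url))


def find_mixed_content(html):
    """Return (line, kind, tag, url) for every http:// reference that matters."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Calling `find_mixed_content(SAMPLE)` reports the stylesheet, the image and the login form, and skips the plain `<a href>` link.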
