Recommend
8 
 Thumb up
 Hide
10 Posts

BoardGameGeek» Forums » BoardGameGeek Related » BGG Suggestions

Subject: SSL encryption rss

Your Tags: Add tags
Popular Tags: privacy [+] ssl [+] [View All]
Iain Cheyne
United Kingdom
Reading
Berkshire
flag msg tools
badge
Avatar
mb
Seriously, when are we going to get this? The new Firesheep plugin for Firefox makes it trivially easy to snoop Boardgamegeek accounts if a user logs in over an open (unencrypted) wireless network.

See this post by Steve Gibson for more detail.
3 
 Thumb up
0.05
 tip
 Hide
  • [+] Dice rolls
United States
Texas
flag msg tools
badge
"that's a smith and wesson, and you've had your six"
Avatar
mbmbmbmbmb
Re: SSL encrypted login
I could name a few reasons but the biggest being that CA Certs are $$$
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Iain Cheyne
United Kingdom
Reading
Berkshire
flag msg tools
badge
Avatar
mb
Re: SSL encrypted login
$90 a year for 5 domains is cheap compared to the other expenses Boardgamgeek pays.

http://www.godaddy.com/ssl/ssl-certificates.aspx
3 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Iain Cheyne
United Kingdom
Reading
Berkshire
flag msg tools
badge
Avatar
mb
More background on why BGG should do this: SSL/TLS is not computationally expensive any more
3 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
James Ludlow
United States
Saint Louis Park
Minnesota
flag msg tools
badge
Avatar
mbmbmbmbmb
icheyne wrote:
$90 a year for 5 domains is cheap compared to the other expenses Boardgamgeek pays.

http://www.godaddy.com/ssl/ssl-certificates.aspx


BGG would likely need wildcard certs.

I run my web traffic through a SOCKS proxy to add some measure of security. Open wifi networks are still risky though.

 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Steve B
United States
Rochester
New York
flag msg tools
badge
Avatar
mb
I knew there was a reason I used hard-wired computers and encrypted wireless only...
1 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Andreas Krüger
Germany
Krefeld
flag msg tools
badge
Avatar
mbmbmbmbmb
Quote:
The snooper, then logged on and impersonating the victim, can do anything the original logged on user/victim might do.


For the record, whenever I say something stupid here, it was THEM! ninja
1 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Rob Neuhaus
United States
New York
NY
flag msg tools
Avatar
mbmbmbmbmb
Given the trade off of

- BGG getting slower and more complicated

in return for

+ No one knowing I am viewing BGG, and the removing the almost negligible threat of having my account stolen

just doesn't seem worth it. I don't care that everyone in the world see s that I view BGG, and if you really want to steal my account, go for it.
1 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Russ Williams
Poland
Wrocław
Dolny Śląsk
flag msg tools
designer
badge
Avatar
mbmbmbmbmb
rrenaud wrote:
Given the trade off of

- BGG getting slower and more complicated

See the "SSL/TLS is not computationally expensive any more" comment earlier in the thread.

Quote:
in return for

+ No one knowing I am viewing BGG, and the removing the almost negligible threat of having my account stolen

just doesn't seem worth it. I don't care that everyone in the world see s that I view BGG, and if you really want to steal my account, go for it.

But a lot of people probably care more about their account than you apparently do. I've invested more time and effort than I care to imagine adding content here in the form of reviews, forum threads, game ratings and comments, logged plays with comments, etc, and I'd care a great deal if some hacker easily snatched control and maliciously deleted it all.
2 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Peaceful Gamin'
Canada
Vancouver
BC
flag msg tools
designer
You found our Geekbadge Overtext. Congratulations! :-)
badge
Gaming is fun. And this is a hypercube. The sun is shining
Avatar
mbmbmbmbmb
motion backed.

should be standard everywhere.
2 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Front Page | Welcome | Contact | Privacy Policy | Terms of Service | Advertise | Support BGG | Feeds RSS
Geekdo, BoardGameGeek, the Geekdo logo, and the BoardGameGeek logo are trademarks of BoardGameGeek, LLC.