Opened 3 years ago

Closed 15 months ago

#4707 closed defect (fixed)

Use HTTPS for feedback.wildfiregames.com

Reported by: rugk Owned by:
Priority: Should Have Milestone: Alpha 23
Component: Network Keywords:
Cc: Patch:

Description

Reasoning: Tracking data should never be transmitted via insecure ways. You cannot protect it and thus expose it to anyone in the connection. (even passive attackers could just sniff it) And you actually promise to handle the raw data confidentially…

For a complete reasoning, see https://wildfiregames.com/forum/index.php?/topic/22694-insecure-transmission-of-statisticsapplication-feedback/

Threat model: Any network attacker; three-letter agencies or attackers in wifi

Change History (2)

comment:1 Changed 3 years ago by rugk

Summary: USe HTTPS for feedback.wildfiregames.comUse HTTPS for feedback.wildfiregames.com

comment:2 Changed 15 months ago by elexis

Keywords: security removed
Milestone: BacklogAlpha 23
Resolution: fixed
Status: newclosed

In r21898:

New UserReporter? Terms and Conditions, hopefully GDPR compliant, refs #5257.
Require SSL for the UserReporter? clientside.

Differential Revision: ​https://code.wildfiregames.com/D1598
Includes contributions by bb and Itms

Note: See TracTickets for help on using tickets.