https
Hello,
the main page of TSO is http://www.thesettlersonline.com . This page allows to login to the game. Because there is Uplay account used to login, I would like to ask you for change the main page to https protocol. It is necessarry to keep our Uplay accounts more safe.
Thanks.
Milan
20th July 2021: TSO died with Unity. RIP.
https? Someone? Anyone?
Hello,
Bluebyte people, can you check this please? http://forum.thesettlersonline.com/threads/30485-https . Thanks.
Milan
20th July 2021: TSO died with Unity. RIP.
Threads merged: "https", "https? Someone? Anyone?"
Hello mrfatalerror,
Don't worry, your uplay account should be safe.
The homepage builds an encrypted tunnel (an https connection so to speak) with the uplay authentication servers, before sending your login details.
If you look at the homepage while you are not yet logged in you will see:
When you click on that link you will see a short description of the method used to log in.
For more information you could contact Support, and hopefully they will be able to provide the details you are looking for.
You can contact Support using the contact form on this page
It seems fine. Ok, thank you for the reply. I hope this solution is robust enough.
Milan
20th July 2021: TSO died with Unity. RIP.
The description is there but the game doesn't comply with the description.
Also the login form sends the credentials to www.thesettlersonline.com/en/api/user/login/ with http post without SSL ecryption.Originally Posted by Durin_d
There is mentioning on the login page that all data transferred between game client running on our browser and the servers is secured with SSL. However when I follow the traffic that the game generates with Chrome developer tools it's not encrypted with SSL but plain unencrypted http.
Last edited by Durin_d; 25.03.15 at 10:13. Reason: login form info
Wow, Durin_d, that's kind of a big deal. Can we get a word from a BB representative on this? It's a significant security breach for anyone who plays TSO from the airport / coffee shop / any other public wifi.
EVO is recruiting.
Players of all levels and experiences welcome. We like to teach.
Take a look at our recruitment thread, or send me a PM if you're interested.
Join the evolution today!
While I can't verify that flash is used, ajax is used and an ssl connection is created. Which can be easily seen by opening the link found with chrome developer tools
This is actually untrue, if you look at where the request is sent you'll see it is send to https://www.thesettlersonline.com/en/api/user/login/
Login data transfer and shop actions are https encrypted. We take security very seriously and have some of the highest standards in the industry in this regard.
We do not accept insecure requests to /api.
If you have further questions or concerns regarding security, please send an email to webmaster@ubisoft.co.uk
I stand corrected on the login. I was mistaken as http://www.thesettlersonline.com/en/api/user/login responses.
The game and chat connections use plain http
Last edited by Durin_d; 25.03.15 at 15:19.
2 years, 4 months and 3 days later ... https://forum.thesettlersonline.com/...-HTTP-gt-HTTPS . Finally.
I hope the game futures will be implemented little faster :-/ .
Milan
20th July 2021: TSO died with Unity. RIP.
Posting Permissions
Reply With Quote
