4 replies to this topic

[Inveracity]

I don't know which forum section this belongs in, so I'm taking my chances here, in hopes a webdeveloper will see it.

I feel that it's a security issue that the login page is not at the very least, encrypted with SSL, when logging in to ones account on the mechwarrior online website.

Sitting in a public space, wanting to have a look around the beta forums, not knowing whether someone is sniffing your login credentials is a little unsettling.

I hope the webadministrators/developers will be made aware of this.

Thanks..

[SCAR ed]

and is it only me or have other fellow the same problem: even if I check the "keep me logged in" box, the website seemingly doesn't send me a cookie. cookies work fine for other websites, but with MWO, I tried different PCs with different browsers and none of them wokred ...

[CWolf]

I think what Inveracity has highlighted is a pretty problematic situation. I would like to see this addressed. I find the idea of my login credentials being sent without encryption to be unsettling. Thanks.

Edited by CWolf, 04 September 2012 - 10:06 AM.

[Inveracity]

I later found out that adding https:// to the start of the url when logging in, works.

Instead I request that users will be rerouted to the encrypted page instead by default.

Thanks.

[Kyle Polulak]

Your login credentials are sent securely when they are submitted to our servers however the rendering of the login form is not SSL. Also, the topic of Keeping yourself logged in has been rehashed many times. It's intended behaviour.