Secure login on the website

Case number:671076-988172
Opened by:UncleMion
Opened on:Monday, August 9, 2010 - 18:58
Last modified:Monday, July 29, 2013 - 06:27

The website doesn't use https when users log in. It somewhat removes the benefit of forcing strong passwords if they'll just be sent unencrypted.

(I was able to use by typing it into the address bar, and clicking links keeps me in https, but once I submit a form it usually switches me back to http)

Makes me wonder: does the game itself use secure connections?


(Mon, 08/09/2010 - 18:58  |  3 comments)

spmm's picture
User offline. Last seen 7 weeks 6 days ago. Offline
Joined: 08/05/2010
Groups: Void Crushers

not sure if this is still a problem for anyone, if not we can close it.

MurloW's picture
User offline. Last seen 27 weeks 2 days ago. Offline
Joined: 11/21/2012

Secure connections FTW.

brow42's picture
User offline. Last seen 2 weeks 6 days ago. Offline
Joined: 09/19/2011
Groups: None

I haven't sniffed the packets for my password, but we do know that the client does set up SSL. Presumably before it sends the password.

The client is next scheduled to turn into a pumpkin in 9 months (April 27, 2014).


Developed by: UW Center for Game Science, UW Institute for Protein Design, Northeastern University, Vanderbilt University Meiler Lab, UC Davis
Supported by: DARPA, NSF, NIH, HHMI, Amazon, Microsoft, Adobe, Boehringer Ingelheim, RosettaCommons