Website not under HTTPS


Website Feedback


Hi,

I've recently gotten into Pathfinder, and am browsing your website for the first time, but I'm a little concerned that the main website is not under https. Looking through your past post history it seems like the rationale was that "it is ok as long as the payment is under https but we are still looking into it". However, I don't see how that helps and it should take much to change it.

Thanks!

Liberty's Edge

I was suprised by this as well - pretty crazy in this day and age.


HTTPS doesn't actually add anything if you're not sending important information (other than extra processing at both ends)

It might make website implementation a bit simpler if it's all secure rather than switching back & forth though, as there's less chance of messing something up and ending up insecure when it should be encrypted.

Silver Crusade System Administrator

We take security pretty seriously here but a lot of our site is public and searchable. When you are viewing things that basically everyone can see we don't use https. Encryption used to take up a significant portion of the CPU and while that's no longer the case, really, we have a lot of legacy code to go through and change all that. Currently, when you go to My Downloads or sign in or are checking out, all of that goes through SSL(TLSv1.2 technically). So that information is safe.

Thanks for letting us know, though.

Community / Forums / Paizo / Website Feedback / Website not under HTTPS All Messageboards

Want to post a reply? Sign in.