HyperText Transfer Protocol Secure (HTTPS)

Nakisan
Nakisan

June 25th, 2017, 11:38 am #1

Dear Gw2Timer Team,

first: nice work!

but why it dont have an https protocol? there is an area for login and to store your api code. so it would be necessary to protect the user data or?

kind regards,

Nakisan

p.s. sorry if i wrote something wrong. my english isnt the best. hope you understand my issue.
Quote
Share

Joined: August 8th, 2008, 8:42 am

June 25th, 2017, 5:42 pm #2

The website runs on your computer. When you put in the API key, it is stored in your browser, not the website. Also, the API key is only sent to ArenaNet servers. I do not view or store your API key or any account information. I can only see what is on your browser address bar when you are on the website.

Because there is no https, other people may be able to spy on your API key when you use WiFi. The worst that can happen is people spying on your character's name, inventory contents, or traded items, which are all in-game information.

There is no password or personal information being sent because there is no login on the website. When I add user registration and passwords, then I will add https.
Last edited by Drant on June 25th, 2017, 6:52 pm, edited 1 time in total.
Quote
Like
Share

Joined: April 11th, 2017, 12:36 pm

August 31st, 2017, 3:00 pm #3

It's true that you might not need it for security reasons but there are other reasons, someone made a nice site about it: https://doesmysiteneedhttps.com

It's mainly that second point, stuff like this happens still: https://www.privateinternetaccess.com/b ... -messages/
Quote
Like
Share

Confirmation of reply: