Welcome to the Achaea Forums! Please be sure to read the Forum Rules.

https support

This isn't a game idea but an improvement to the website.

Is it possible to add https support to the Iron Realms website? (achaea.com, forums.Achaea.com, ironrealms.com, client.achaea.com, etc...).
This will make the website more secure so it is safer to use in public places without anyone else snooping on you (employer, other people on public wifi, pesky siblings, ...)

Additionally, could the game itself be hosted through tls?
There is a bit of a chicken and egg problem there as tls support in mud client is poor (I only know of tintin++ that supports that), but it needs to start somewhere!
This is actually easy to accomplish using an external tool like stunnel: this is transparant to achaea (except for maybe logging of IP addresses). On the client side stunnel can also be used for clients that don't support tls natively.

Comments

  • Tecton
    Tecton The Garden of the GodsAdministrator Posts: 2,507 Admin
    Chani said:
    This isn't a game idea but an improvement to the website.

    Is it possible to add https support to the Iron Realms website? (achaea.com, forums.Achaea.com, ironrealms.com, client.achaea.com, etc...).
    This will make the website more secure so it is safer to use in public places without anyone else snooping on you (employer, other people on public wifi, pesky siblings, ...)

    Additionally, could the game itself be hosted through tls?
    There is a bit of a chicken and egg problem there as tls support in mud client is poor (I only know of tintin++ that supports that), but it needs to start somewhere!
    This is actually easy to accomplish using an external tool like stunnel: this is transparant to achaea (except for maybe logging of IP addresses). On the client side stunnel can also be used for clients that don't support tls natively.

    The game sites all support HTTPS, so you can log on to https://www.achaea.com as your character, then click on the "play now" button while never transmitting any login credentials over plain text.

    Anything passed from the client won't be encrypted, but your credentials are safe from sniffers and the like. 

    Re TLS/other secure connections to the game: It's something we'd like to do eventually, our testing has has less-than-stellar results in terms of increased server load when you factor in the amount of text we send/receive having to be de/encrypted for 100 - 200 people at a time.
    Sobriquet
  • Chani
    Chani Member Posts: 2
    Oh awesome! I tried http://achaea.com (without the www) and then it redirected to http://www.achaea.com (not https), so I thought it didn't work.
    I'm going to go ahead and write some https-everywhere rules for those that use that extension.

    Bummer about tls though, but glad to know you experimented with it already :)
Sign In to Comment.