Ben10do
New Member
- Joined
- Jun 15, 2015
- Messages
- 2
- Reaction score
- 0
I know this isn't exactly an exciting idea, but it's important nonetheless.
As far as I can work out, none of the Bulbagarden sites feature HTTPS encryption. Whilst this may seem trivial at a glance, this is something that many people have come to expect from all kinds of websites these days. Given that websites like DuckDuckGo and Wikipedia use HTTPS all the time, for arguably unimportant content, I think that Bulbagarden should follow suit. After all, as things stand, not even our logins are encrypted over the Internet. This could lead to accounts being easily hacked after logging in on insecure Wi-Fi networks (like the classic coffee shop scenario), and this could easily escalate if someone were to use the same username and password on other websites.
It seems like there are certificate authorities out there who can provide certificates for free, so cost shouldn't be an issue. One I found was Let's Encrypt, which should be available relatively soon (they say Mid-2015), but this is, of course, just one option of many.
It would be great if HTTPS could be enabled all the time, everyone, so long as this doesn't cause any issues, but as a minimum, this should be introduced when logging onto the forum and the wikis, and when creating an account, etc. Hopefully this shouldn't be too challenging to implement
As far as I can work out, none of the Bulbagarden sites feature HTTPS encryption. Whilst this may seem trivial at a glance, this is something that many people have come to expect from all kinds of websites these days. Given that websites like DuckDuckGo and Wikipedia use HTTPS all the time, for arguably unimportant content, I think that Bulbagarden should follow suit. After all, as things stand, not even our logins are encrypted over the Internet. This could lead to accounts being easily hacked after logging in on insecure Wi-Fi networks (like the classic coffee shop scenario), and this could easily escalate if someone were to use the same username and password on other websites.
It seems like there are certificate authorities out there who can provide certificates for free, so cost shouldn't be an issue. One I found was Let's Encrypt, which should be available relatively soon (they say Mid-2015), but this is, of course, just one option of many.
It would be great if HTTPS could be enabled all the time, everyone, so long as this doesn't cause any issues, but as a minimum, this should be introduced when logging onto the forum and the wikis, and when creating an account, etc. Hopefully this shouldn't be too challenging to implement
