Project-GC Q&A - Recent questions tagged security

Challenge checker wont work on https

Mon, 02 Jan 2017 20:05:19 +0000

After implementing a link to the PGC challenge checker in c:geo (available in current nightly builds) I have recognized the checker is not working on the opened page.

While digging deeper I think it is caused by the fact that we call the site with https like this:
https://project-gc.com/Challenges/GC3RG33

If you use that link and execute the checker an error is shown.

Calling http://project-gc.com/Challenges/GC3RG33 it works normal.

Link to c:geo bugracker:

https://github.com/cgeo/cgeo/issues/6224

We could implement a workaround to call http instead, however I think it should be fixed anyway on PGC.
Please kindly tell us (in the linked issue) how to proceed.

Thanks,

Lineflyer
c:geo team

Force https, can for example use https://letsencrypt.org/ for certificate

Mon, 05 Sep 2016 19:04:49 +0000

For security for both project-gc and its users, I recommend forcing https for project-gc.com.

For a good talk about the issue: https://www.youtube.com/watch?v=YMfW1bfyGSY

Talk is from Google I/O 2016

Connection is not secure, Firefox warns

Tue, 02 Aug 2016 20:32:30 +0000

When accessing https://project-gc.com/ , Firefox shows a padlock with a yellow warning sign next to the url. Clicking on it reveals a dialog box stating in red letters "Connection is Not Secure".

I think this issue should be fixed as soon as possible.