Welcome Guest [Log In] [Register]
HyperText Transfer Protocol Secure (HTTPS); Why the Site dont have it?
Topic Started: Sunday, 25. June 2017, 19:38 (641 Views)

Dear Gw2Timer Team,

first: nice work!

but why it dont have an https protocol? there is an area for login and to store your api code. so it would be necessary to protect the user data or?

kind regards,


p.s. sorry if i wrote something wrong. my english isnt the best. hope you understand my issue.
Quote Post Goto Top
Member Avatar

The website runs on your computer. When you put in the API key, it is stored in your browser, not the website. Also, the API key is only sent to ArenaNet servers. I do not view or store your API key or any account information. I can only see what is on your browser address bar when you are on the website.

Because there is no https, other people may be able to spy on your API key when you use WiFi. The worst that can happen is people spying on your character's name, inventory contents, or traded items, which are all in-game information.

There is no password or personal information being sent because there is no login on the website. When I add user registration and passwords, then I will add https.
Offline Profile Quote Post Goto Top

It's true that you might not need it for security reasons but there are other reasons, someone made a nice site about it: https://doesmysiteneedhttps.com

It's mainly that second point, stuff like this happens still: https://www.privateinternetaccess.com/blog/2016/12/comcast-still-uses-mitm-javascript-injection-serve-unwanted-ads-messages/
Offline Profile Quote Post Goto Top
1 user reading this topic (1 Guest and 0 Anonymous)
« Previous Topic · GW2Timer.com - GW2 - Guild Wars 2 · Next Topic »