04-29-2021, 06:17 AM
(04-28-2021, 05:53 PM)myth Wrote:
(04-28-2021, 04:24 PM)Shannon Wrote: I have had Andrew explain this to me 3 times within the last 10 years as to why we don't have that, and every time he tells me it doesn't matter and why it doesn't matter, but I never remember it when the time comes to explain it to customers. Every time he does, it makes perfect sense, and there is a good reason it's not https. Unfortunately, he's not available to explain it. However, I don't think that's going to be an issue for much longer regardless.
Oh, you've had https available for years, although the secure certificate hasn't always been renewed promptly when it expires. It usually works fine, but given this post here, it seems like the SSL certificate was probably renewed last April and probably just expired recently, after that year was up.
I'd guess that Andrew's point about not really needing it would be that 1) most customers are worried about billing info security, 2) PayPal's site is where customers provide billing info, and 3) PayPal has https. And, yeah, if secure billing info were my only concern, I'd have already preordered OF v3 by now.
But, no, it's the Subliminal Shop logins that we perform in order to purchase or download that still need the https around. With only http, we're sending plaintext usernames and passwords, which, if sniffed by a middle man (I could describe in more detail, but I'd rather not), might allow that middle man access to download the compromised user's files, redistribute them, and activate the anti-piracy scripting that we've all spent years listening to. That's what I'm concerned about, not billing security.
Andrew had a good logical response to this as well, and of course I don't remember what it was because it's been years.
This "issue" - I don't really know and remember enough about the technical details to know if it is actually an issue - will not be around for much longer, but the time frame is out of my hands to some degree.
In the case that someone intercepted and stole your login details, and then started pirating your purchases, the anti-piracy code would not trigger for you unless you had committed piracy. If you're just the receiver of a hack and the hacker then commits piracy, the scripting would trigger for them and those who use the program that was hacked. Not you. Getting hacked and involuntarily losing control of your login details != piracy. The anti-piracy code fully considers personal responsibility. Piracy is a choice. Those who make that choice trigger it, even if they don't think of it as piracy. Those who do not make that choice are unaffected, because without making that choice, you're not going to commit piracy!
Subliminal Audio Specialist & Administrator
The scientist has a question to find an answer for. The pseudo-scientist has an answer to find a question for. ~ "Failure is the path of least persistence." - Chinese Fortune Cookie ~ Logic left. Emotion right. But thinking, straight ahead. ~ Sperate supra omnia in valorem. (The value of trust is above all else.) ~ Meowsomeness!