Retro Achievements should be linked to https://, not http://
Issue #6769
new
On Launchbox 12.8, retroachievements links in game details (little icons) are linked to non-secure pages on retroachievements. Unfortunately, retroachievements themselves don’t forward to their secure page automatically.
These should be opened on the secure pages (same URL, just https:// instead of http://) to avoid having people’s logins and passwords leaked when they sign in on the non-secure page.
Comments (2)
-
-
reporter
It is sending me to a page that I was not logged in on and it has a login form on it that’s sending credentials in plaintext.
I understand that this is not a Launchbox issue as such, and should really be fixed on the end of retroachievements, but it might lead to people accidentally logging in from the unsecure page, not expecting it to be unsecure.
IMO the reasonable thing for Launchbox is to always use https:// when sending people to external links (to protect Launchbox users), if retroachievements has issues with that they need to fix it.
- Log in to comment
We had issues with stability and their websites just not loading correctly using HTTPS when first implementing most of those features. I do want to make clear as well that your credentials can’t be middle manned because we never use them, and we never send you to a page that requires you to first log in. You can’t even place your password anywhere in LaunchBox so that isn’t really a concern to be had in this instance.