Secure Update Checking

Do you want to see something in X1? Do you dislike something about X1? Let us know!

Moderator: Mods

Secure Update Checking

Postby tjh » Mon Apr 14, 2008 1:46 am

I noticed while using <a href="http://www.wireshark.org/">Wireshark</a> that when X1 starts up and checks for new versions, it also sends my license key as part of the version check. Problem is that it's all done in cleartext. It would be nice if the check could be done via SSL instead of plain HTTP, as it's very easy to sniff the license key currently.

I travel around a bit and use a lot of open wireless AP's and Internet cafe's, I'd hate to have my key stolen and posted online - It'd look like I was handing the key out for free. I realise I can turn this feature off, which I've done. However it's on by default so others could be accidentally leaking their license key out without realising it.

I'd like to suggest a feature of checking for update via SSL/HTTPS, which is enabled by default. Users could disable this if required (for proxy servers or similar) Either that or updating is turned off by default, with a small message given explaining this when you enable it.

Thanks,
Tim

[PS: Should I also submit this via my account page? Does that carry more weight than posting here, or will it be given equal consideration as a feature request?]
tjh
X1 Super User
X1 Super User
 
Posts: 400
Joined: Sat Apr 12, 2008 4:12 am
Location: Napier, New Zealand

Return to Feature Requests and Gripes

Who is online

Users browsing this forum: No registered users and 52 guests

cron