After playing Minecraft for awhile, I finally decided that I would be putting my money to good use by buying it.
Right off the bat though, I was surprised and disappointed to see that the purchase page defaults to, let alone allows you to use, the HTTP protocol.
What I find rather funny, while looking through the source, is that the confirmation page appears to be linked in HTTPS. Our credit card information could already have been stolen after submitting the form :tongue.gif:
I sincerely hope something will be done to make sure that users are directed to the HTTPS version of the site by default when they go to purchase minecraft.
Payment is handled via the Moneybookers applet and not the Minecraft website. Last I checked, Moneybookers was secure so there is no way for anyone to steal your information...
Payment is handled via the Moneybookers applet and not the Minecraft website. Last I checked, Moneybookers was secure so there is no way for anyone to steal your information...
Ah, you are correct, it does look like the data is POST'ed back to moneybookers over HTTPS. I guess I didn't look closely enough.
Sorry about freaking out there, I was just a little concerned when it appeared that the site its self was sending that over HTTP :tongue.gif:
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
After playing Minecraft for awhile, I finally decided that I would be putting my money to good use by buying it.
Right off the bat though, I was surprised and disappointed to see that the purchase page defaults to, let alone allows you to use, the HTTP protocol.
What I find rather funny, while looking through the source, is that the confirmation page appears to be linked in HTTPS. Our credit card information could already have been stolen after submitting the form :tongue.gif:
I sincerely hope something will be done to make sure that users are directed to the HTTPS version of the site by default when they go to purchase minecraft.
YouTube Channel - http://youtube.com/user/quicksavecrew
Ah, you are correct, it does look like the data is POST'ed back to moneybookers over HTTPS. I guess I didn't look closely enough.
Sorry about freaking out there, I was just a little concerned when it appeared that the site its self was sending that over HTTP :tongue.gif: