Aurora Lahtela

Login and registration is implemented in Plan, but requires HTTPS. Passwords are stored in Plan database with hash+salt Login and registration is enabled when HTTPS is set up https://github.com/plan-player-analytics/Plan/wiki/SSL-Certificate-%28HTTPS%29-Set-Up If...

Why can you not use IP whitelist?

Login over HTTP is a non-option for security. Do you have any other ideas?

The suggestions fail to consider that when transmitting over HTTP the password the user gives will be visible to snooping. (Even if you hash it on the frontend the hash...

> I have a domain: waffcarui.ru . But it is not possible for me to install a certificate on it. Errors come out when trying to generate a certificate. It...

> What prevents you from creating a permission that allows you to change settings in the web interface if you are a server operator? Here's an analogy: - The server...

What I meant with the analogy: - The server needs to know who is making the request and that is what **Session Cookies** are for. - When user logs in...

I don't want to give them the opportunity.

With cloudflare you can also use their https if proxying traffic in a similar way that Kopo mentioned above

### TODO Most of the complexity of this ticket is in building the query. - select session starts and ends of a player - remove date information and only keep...