Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Will boards ever have ssl enabled?

Options
  • 18-11-2010 3:40pm
    #1
    nudist
    Closed Accounts Posts: 157 ✭✭


    Sorry for the repost but i just have to ask will boards ever have ssl enabled sometime in the future?

    Given that man in the middle attacks are becoming increasingly popular thanks to the recent firefox addon 'firesheep' isnt the move to ssl needed?


Comments

  • Options
    #2
    seamus
    Registered Users Posts: 68,317 ✭✭✭✭seamus


    SSL isn't immune to "man in the middle" attacks either, especially if you're on a foreign network.

    Tbh, given the lack of personal information passed over boards, it seems a little overkill even if it is good practice. At worst, an attacker can get your boards password and post under your name. No biggie, really.

    I know there's an overhead associated with running SSL, but I'm not sure what the impact is. Maybe the techs have looked into it.


  • Options
    #3
    Ross
    Closed Accounts Posts: 1,150 ✭✭✭Ross


    We're already experimenting with SSL, browse to https://www.boards.ie to try. Encrypting the entire live site presents an issue (lots of external embeds, youtube, images, etc) but it's definitely something we think about.


  • Options
    #4
    TimTim
    Registered Users Posts: 804 ✭✭✭TimTim


    To cover the bulk of the "local" content wouldn't enabling HTTPS on boards.ie and b-static.net do the trick?

    On a side note am I the only one who finds it annoying firefox will tell you it is loading insecure content rather then giving you the option to not load it at all?


  • Options
    #5
    Ross
    Closed Accounts Posts: 1,150 ✭✭✭Ross


    Probably. The certs ain't cheap though. Realistically b-static.net doesn't require it, as getting complete coverage (enough to make your address bar say "this site is secure" etc) would require us shutting out the rest of the world (not to mention advertising).

    Largely this would be for login and API access.


  • Options
    #6
    Overheal
    Registered Users Posts: 82,389 ✭✭✭✭Overheal


    seamus wrote: »
    At worst, an attacker can get your boards password and post under your name. No biggie, really.
    Except when it's an admin account - and not just an admin account but an Administrative account that has access to the username and password tables...


  • Advertisement
  • Options
    #7
    futonic
    Registered Users Posts: 121 ✭✭futonic


    cost of the certs would be the least of your worries. encryption/decryption will put a major load on your server. we run an ssl site and recently changed the key size from 512 to 2048 and basically watched the servers collapse. It takes processor time.

    Can't mix ssl served resources with non ssl as your users will get that annoying "page may contain insecure items" dialog.

    Basically a ssl site costs (in terms of cpu) a lot more than non ssl. If you don't need it, don't do it. Who cares if a forum is secure? A bank yes of course, but a forum?


Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.

Comment As ...
Advertisement