Results 1 to 6 of 6

Thread: ssl https capability on AO

  1. #1
    Senior Member
    Join Date
    Feb 2005
    Posts
    153

    ssl https capability on AO

    I'm a huge fan and support of continuous encryption-based security while doing anything on the internet, and am curious as to if AO has ssl https capability? I tried https already directly in the url and it failed, so I'm assuming it doesn't have it.

    Is there any possibility of having ssl for AO and giving users the option of browsing that way?

  2. #2
    Senior Member
    Join Date
    Dec 2004
    Posts
    107
    AFAIK, The only reason we should have the SSL is for logging in. Other than that, anything you post is going to be viewable by the world, so why bother? I'm not sure what else you would use SSL for....?

    -ik

    [edit]To clarify, If what I'm saying is indeed true (I've been proven false many times before), I don't think it would be worth the hassle for admins to instate SSL, obtain security certificates, etc just for logging in.[/edit]
    Alright Brain, you don\'t like me, and I don\'t like you. But let\'s just do this, and I can get back to killing you with beer.
    -- Homer S.

  3. #3
    Senior Member
    Join Date
    Feb 2005
    Posts
    153
    I'm not sure what else you would use SSL for....?
    Man in the middle attack that reads the plaintext being sent between me and the AO server, catches it, alters it, continues transmission to origonal destination with the modified content. Also for when I sent private messages to other members, it can't be caught in midair when I go wireless.

    I'm not paranoid, just enjoy making sure I know where my information is going.
    \"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
    - Charles Darwin

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Both of you have valid points...I think it comes down to Jupiter Media not having the resources to invest extra time and money into getting a cert and instituting HTTP/S. It's not really *hard* to do...it's more an issue of the cost to plan it, set it up in test, test it, set it up in production, move it to production, build support, etc.

    It's not like it's a huge enterprise rollout for them, but it *is* more than getting a cert issued and change a few flags in some conf file. That takes time from your engineers/admins to set up and do, or you have to pay someone else to come do it for you. Most IT departments are *still* under staffed and budgeted, so it's likely just not a priority.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #5
    Senior Member
    Join Date
    Feb 2005
    Posts
    153
    I understand, and now that I see your point of view I agree in this case. JM may be well understaffed, and something as trivial as using SSL capability for those few users who would take advantage of it would not be worth the cost/manpower.
    \"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
    - Charles Darwin

  6. #6
    Senior Member
    Join Date
    Jan 2005
    Posts
    128
    yeah, Ive had to setup SSL via Apache on a few servers. Only one company actually went and bought the Certificates, the others just trusted the server which made me the certificate.

    Its not too hard at all, and I do feel alot more comfortable when im searching security sites in SSL. Im not doing anything illegal, but I would have much more comfort knowing my ISP doesnt have too much of an idea what Im doing...
    http://sfx-images.mozilla.org/affili...88x31/take.gif
    If You\'ve Done Something Right. People Wont Know You\'ve Done Anything At All - God (futurama)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •