-
February 25th, 2005, 12:27 AM
#1
ssl https capability on AO
I'm a huge fan and support of continuous encryption-based security while doing anything on the internet, and am curious as to if AO has ssl https capability? I tried https already directly in the url and it failed, so I'm assuming it doesn't have it.
Is there any possibility of having ssl for AO and giving users the option of browsing that way?
-
February 25th, 2005, 01:35 AM
#2
AFAIK, The only reason we should have the SSL is for logging in. Other than that, anything you post is going to be viewable by the world, so why bother? I'm not sure what else you would use SSL for....?
-ik
[edit]To clarify, If what I'm saying is indeed true (I've been proven false many times before), I don't think it would be worth the hassle for admins to instate SSL, obtain security certificates, etc just for logging in.[/edit]
Alright Brain, you don\'t like me, and I don\'t like you. But let\'s just do this, and I can get back to killing you with beer.
-- Homer S.
-
February 25th, 2005, 01:39 AM
#3
I'm not sure what else you would use SSL for....?
Man in the middle attack that reads the plaintext being sent between me and the AO server, catches it, alters it, continues transmission to origonal destination with the modified content. Also for when I sent private messages to other members, it can't be caught in midair when I go wireless.
I'm not paranoid, just enjoy making sure I know where my information is going.
\"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
- Charles Darwin
-
February 25th, 2005, 01:54 AM
#4
Both of you have valid points...I think it comes down to Jupiter Media not having the resources to invest extra time and money into getting a cert and instituting HTTP/S. It's not really *hard* to do...it's more an issue of the cost to plan it, set it up in test, test it, set it up in production, move it to production, build support, etc.
It's not like it's a huge enterprise rollout for them, but it *is* more than getting a cert issued and change a few flags in some conf file. That takes time from your engineers/admins to set up and do, or you have to pay someone else to come do it for you. Most IT departments are *still* under staffed and budgeted, so it's likely just not a priority.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
February 25th, 2005, 01:58 AM
#5
I understand, and now that I see your point of view I agree in this case. JM may be well understaffed, and something as trivial as using SSL capability for those few users who would take advantage of it would not be worth the cost/manpower.
\"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.\"
- Charles Darwin
-
February 25th, 2005, 02:14 AM
#6
Senior Member
yeah, Ive had to setup SSL via Apache on a few servers. Only one company actually went and bought the Certificates, the others just trusted the server which made me the certificate.
Its not too hard at all, and I do feel alot more comfortable when im searching security sites in SSL. Im not doing anything illegal, but I would have much more comfort knowing my ISP doesnt have too much of an idea what Im doing...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|