Geekzone: technology news, blogs, forums



freitasm (BDFL, Administrator, 43788 posts)
Topic # 93594 24-Nov-2011 18:00

I have switched the PM pages (message composing, reading and listing) to accept SSL connections by default, and switch to SSL on non-secure requests.

Many reasons for that. You will know why, no need to ask.
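The "accept SSL by default and switch to SSL on non-secure requests" behaviour from the post above, written out as a framework-agnostic redirect decision. This is an added example and not Geekzone's code: the PM path prefix /forums/pm/, the proxy address 10.0.0.5 and the X-Forwarded-Proto handling are assumptions for the demo. The check a practitioner would want is in effective_scheme(): when TLS is terminated at a load balancer the application sees plain HTTP for every request and must read the forwarded-scheme header, but only from the proxy's own address, because any client can send that header itself and skip the bounce.

```python
# Added example, not Geekzone's code: redirect PM page requests that arrived
# over plain HTTP to the HTTPS version. Path prefix, proxy address and the
# X-Forwarded-Proto handling are assumptions for the demo.
from typing import Dict, Optional, Tuple
from urllib.parse import urlunsplit

PM_PREFIXES = ("/forums/pm/",)               # assumed location of the PM pages
TRUSTED_PROXIES = frozenset({"10.0.0.5"})    # assumed TLS-terminating proxy


def is_pm_path(path: str) -> bool:
    return any(path.startswith(prefix) for prefix in PM_PREFIXES)


def effective_scheme(conn_scheme: str, peer_ip: str, headers: Dict[str, str]) -> str:
    """Scheme the client really used. Behind a TLS-terminating proxy the app
    sees plain HTTP for every request, so X-Forwarded-Proto must be honoured,
    but only when the connection comes from the proxy itself: any client can
    send that header, and trusting it blindly lets them skip the redirect."""
    forwarded = headers.get("x-forwarded-proto")
    if forwarded and peer_ip in TRUSTED_PROXIES:
        return forwarded.split(",")[0].strip().lower()
    return conn_scheme.lower()


def https_redirect(method: str, host: str, path: str, query: str,
                   conn_scheme: str, peer_ip: str,
                   headers: Dict[str, str]) -> Optional[Tuple[int, str]]:
    """Return (status, Location) when a PM request must be bounced to HTTPS,
    or None when it may be served as-is.

    Only GET/HEAD are redirected. A POST that arrived over plain HTTP has
    already leaked its message body on the wire, and a 301 would silently
    drop that body anyway, so it is refused rather than retried."""
    if not is_pm_path(path):
        return None
    if effective_scheme(conn_scheme, peer_ip, headers) == "https":
        return None
    if method.upper() not in ("GET", "HEAD"):
        return (403, "")
    if host.endswith(":80"):          # keep https://host:80/... out of Location
        host = host[:-3]
    return (301, urlunsplit(("https", host, path, query, "")))
```

A 301 rather than a 302 is deliberate: browsers cache it, so after the first bounce they stop issuing plain requests for those URLs at all. That first request is still sent in the clear, which is why the redirect on its own is only a partial answer.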




codyc1515 (1599 posts, inactive user)
Reply # 549794 25-Nov-2011 09:44

Why is it not possible to have site-wide SSL? The login page is in SSL; this means that virtually everything else can be too (except, maybe, ads).



freitasm (BDFL, Administrator, 43788 posts)
Reply # 549795 25-Nov-2011 09:45

There, you answered your question.

Think about it. It's not all our content. There is sometimes third-party content, such as speedtest images, that will make your browser throw a tantrum about mixed content.

Also, why bother with SSL for a whole site if there's nothing sensitive in those other areas?
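The mixed-content problem named in the reply above is easy to audit for before a page is switched to HTTPS. The scanner here is an added example, not Geekzone's code; SAMPLE_PAGE and every host in it are constructed for the demo. Browsers refuse to load http:// scripts, stylesheets, frames and plugins on an https page (active mixed content, since those can rewrite the page), while images and media are passive: flagged or upgraded rather than blocked. A speedtest result image is the passive case; a third-party ad script is the active one that actually breaks the page.

```python
# Added example, not Geekzone's code: find http:// subresources that would
# become mixed content once the page is served over HTTPS. SAMPLE_PAGE is
# constructed for the demo.
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Active mixed content: blocked outright on an https page.
ACTIVE = {"script": "src", "iframe": "src", "frame": "src",
          "object": "data", "embed": "src"}
# Passive mixed content: shown with a warning or upgraded, not blocked.
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []          # (severity, tag, url) in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheets are fetched as page resources; other rels
            # (canonical, alternate, ...) are metadata and never loaded.
            if "stylesheet" in (attrs.get("rel") or "").lower().split():
                self._check("active", tag, attrs.get("href"))
        elif tag in ACTIVE:
            self._check("active", tag, attrs.get(ACTIVE[tag]))
        elif tag in PASSIVE:
            self._check("passive", tag, attrs.get(PASSIVE[tag]))
        # <a href="http://..."> is navigation, not a subresource: not mixed content.

    def _check(self, severity, tag, url):
        if not url:
            return
        url = url.strip()
        # Relative ("/x.png") and scheme-relative ("//cdn/x.js") URLs inherit
        # the page's https scheme; only an explicit http: scheme is a problem.
        if urlsplit(url).scheme.lower() == "http":
            self.findings.append((severity, tag, url))


def scan_mixed_content(html: str):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def breaks_under_https(findings) -> bool:
    """True when at least one active resource would be blocked, i.e. the
    page would visibly break rather than merely show a warning."""
    return any(severity == "active" for severity, _, _ in findings)


SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="https://cdn.example.test/site.css">
<link rel="stylesheet" href="http://cdn.example.test/legacy.css">
<link rel="canonical" href="http://www.example.test/page">
<script src="//cdn.example.test/app.js"></script>
<script src="http://ads.example.test/serve.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="http://speedtest.example.test/result/1234.png">
<a href="http://www.example.test/">home</a>
<iframe src="HTTP://widgets.example.test/box"></iframe>
</body></html>"""

if __name__ == "__main__":
    for severity, tag, url in scan_mixed_content(SAMPLE_PAGE):
        print(f"{severity:7} <{tag}> {url}")
```

Run it over the server-rendered HTML of each template; the active findings are the ones that have to be fixed (scheme-relative or https URLs) before the switch, the passive ones are the warnings users will see until the third party offers HTTPS.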
 




codyc1515 (1599 posts, inactive user)
Reply # 549798 25-Nov-2011 09:47

It's the question of session jacking. Maybe make it a feature for subscribers only?



freitasm (BDFL, Administrator, 43788 posts)
Reply # 549803 25-Nov-2011 09:50

I've edited your post. No need to quote a full post just above yours.

Answering your question, what can be achieved with session hijacking really? Impersonating someone on a forum? It's not as bad as impersonating someone on your banking site.

For that we already have the IP Change option in your profile. If we detect your session is being used from a different IP address we will terminate it. You can also easily click the link in your profile page to terminate ALL existing sessions, for all browsers.





codyc1515 (1599 posts, inactive user)
Reply # 549806 25-Nov-2011 09:51

Not if you're in a cafe and all share the same external IP.



freitasm (BDFL, Administrator, 43788 posts)
Reply # 549808 25-Nov-2011 09:53

*le sigh*

You can just logout as soon as you're done, and anyone else using the same session will be logged out too.

Using SSL site-wide would impact our revenue. There's an obvious problem there - we can't run a site full time with no revenue.
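The three controls freitasm describes in the replies above (the profile's IP Change option that terminates a session seen from another address, the terminate-all-sessions link, and plain logout) as a small server-side session store. This is an added example, not Geekzone's code; the user name and the addresses in cafe_scenario() are constructed. The scenario walks through the shared-address case raised in between: an IP lock keyed on the client's public address cannot separate two people behind the same cafe NAT, and when it does trip it logs out the legitimate holder along with the copier.

```python
# Added example, not Geekzone's code: server-side session registry with an
# optional IP lock, explicit logout and "terminate all sessions" for a user.
# Addresses and user names in cafe_scenario() are constructed.
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    ip: str
    created: float
    ip_locked: bool        # the per-profile "IP Change" option


class SessionStore:
    def __init__(self):
        self._sessions = {}                      # session id -> Session

    def create(self, user: str, ip: str, ip_locked: bool = False) -> str:
        sid = secrets.token_urlsafe(32)          # 256 bits: not guessable
        self._sessions[sid] = Session(user, ip, time.time(), ip_locked)
        return sid

    def lookup(self, sid: str, ip: str):
        """User behind a presented session id, or None. An IP-locked session
        presented from a different address is destroyed on the spot, which
        logs out the legitimate holder as well as whoever copied the cookie."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if session.ip_locked and session.ip != ip:
            del self._sessions[sid]
            return None
        return session.user

    def logout(self, sid: str) -> None:
        """Drop the server-side record; a copied cookie stops working too."""
        self._sessions.pop(sid, None)

    def terminate_all(self, user: str) -> int:
        doomed = [sid for sid, s in self._sessions.items() if s.user == user]
        for sid in doomed:
            del self._sessions[sid]
        return len(doomed)


def cafe_scenario():
    """Victim logs in, IP-locked, from a cafe where everyone shares one
    public address (NAT). Returns what each lookup sees."""
    store = SessionStore()
    cafe_nat = "203.0.113.10"      # constructed: the cafe's public address
    elsewhere = "198.51.100.7"     # constructed: attacker on another network
    sid = store.create("victim", cafe_nat, ip_locked=True)
    out = {}
    # Same NAT address, so the IP lock cannot tell the two clients apart.
    out["attacker_same_nat"] = store.lookup(sid, cafe_nat)
    # A different address trips the lock and destroys the session ...
    out["attacker_elsewhere"] = store.lookup(sid, elsewhere)
    # ... for the victim too.
    out["victim_after_trip"] = store.lookup(sid, cafe_nat)
    # Two fresh logins, then "terminate ALL sessions" from the profile page.
    sid_a = store.create("victim", cafe_nat)
    sid_b = store.create("victim", "192.0.2.4")
    out["terminated"] = store.terminate_all("victim")
    out["after_terminate_all"] = (store.lookup(sid_a, cafe_nat),
                                  store.lookup(sid_b, "192.0.2.4"))
    return out
```

The lookup is keyed on the session id alone, so the store is only as strong as the secrecy of that id in transit; the IP lock and the kill switches limit how long a copied id stays useful, they do not stop it being copied.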






freitasm (BDFL, Administrator, 43788 posts)
Reply # 549812 25-Nov-2011 09:55

Also, instead of focusing on how this makes things better for people relying on Geekzone PM to communicate (transactions between members, employee confidentiality), you worry about something that would have less impact...





codyc1515 (1599 posts, inactive user)
Reply # 549817 25-Nov-2011 09:59

The whole performance impact thing has been proven wrong for quite some time now:

"In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that."

As for revenues, I'm not quite sure how that comes into it if it's just for subscribers. What I'm getting at is that someone could go into a cafe, have their session jacked on an ordinary page, and send PMs as that user, without them knowing (most likely).
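The cafe scenario in the post above, made concrete. This is an added example and not from the thread: a passive listener on an open Wi-Fi network sees every plaintext HTTP request, and CAPTURE is a constructed sample of such traffic (the cookie name gz_session, the paths and the speedtest host are assumptions). harvest_cookie() pulls the session id out of the ordinary, non-PM page views; browser_sends() is the server-side check that decides whether that can happen at all, because a cookie issued without the Secure attribute is attached to every plain http:// request to the host no matter which pages are served over HTTPS.

```python
# Added example, not from the thread: what a listener on the cafe network
# sees, and the cookie attribute that decides whether the session id is in
# there. CAPTURE, the cookie name and the hosts are constructed.
CAPTURE = (
    b"GET /forums/ HTTP/1.1\r\n"
    b"Host: www.geekzone.co.nz\r\n"
    b"Cookie: gz_session=7f3a9c1d2e4b; prefs=dark\r\n"
    b"User-Agent: Mozilla/5.0\r\n\r\n"
    b"GET /result/1234.png HTTP/1.1\r\n"
    b"Host: speedtest.example.test\r\n"
    b"Cookie: tracker=abc\r\n\r\n"
    b"GET /news/ HTTP/1.1\r\n"
    b"Host: www.geekzone.co.nz\r\n"
    b"Cookie: gz_session=7f3a9c1d2e4b\r\n\r\n"
)


def parse_requests(capture: bytes):
    """Split a plaintext capture into (method, path, headers) tuples.
    Ordinary page views are bodiless GETs, so a blank line ends each one."""
    requests = []
    for chunk in capture.split(b"\r\n\r\n"):
        if not chunk.strip():
            continue
        lines = chunk.decode("latin-1").split("\r\n")
        method, path, _version = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        requests.append((method, path, headers))
    return requests


def harvest_cookie(capture: bytes, host: str, cookie_name: str):
    """Distinct values of cookie_name sent in the clear to host. Any one of
    them, set in the attacker's own browser, is the victim's login; the PM
    pages being HTTPS does not matter once the id is known."""
    values = []
    for _method, _path, headers in parse_requests(capture):
        if headers.get("host", "").lower() != host.lower():
            continue
        for pair in headers.get("cookie", "").split(";"):
            name, _, value = pair.strip().partition("=")
            if name == cookie_name and value and value not in values:
                values.append(value)
    return values


def parse_set_cookie(set_cookie: str):
    """Set-Cookie header -> (name, value, {attribute: value})."""
    first, *rest = (part.strip() for part in set_cookie.split(";"))
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def browser_sends(set_cookie: str, request_scheme: str) -> bool:
    """Whether a browser attaches this cookie to a request over the given
    scheme (RFC 6265: a cookie carrying the Secure attribute is only sent
    over a secure channel). Without Secure, every plain http:// page view
    on the host carries the session id, HTTPS PM pages or not."""
    _, _, attrs = parse_set_cookie(set_cookie)
    if "secure" in attrs:
        return request_scheme.lower() == "https"
    return True
```

With Secure set, the id never appears in a capture like this one, but then the plain pages no longer see the login either, which is what makes HTTPS for only some pages awkward to engineer: either the session cookie is exposed on every other page, or the non-HTTPS pages need a separate, lower-privilege cookie.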



freitasm (BDFL, Administrator, 43788 posts)
Reply # 549819 25-Nov-2011 10:01

If you read the thread again you will see I never mentioned the performance card, as I am well aware of the impact or non-impact of it. Please don't put words in my mouth.

As for "for subscribers only", I'm sorry but we work on priorities here. The subscriber uptake is too low, and people have already said that even $5 a month is "too expensive". Not very supportive, is it?





Ragnor (6895 posts, Trusted, Subscriber)
Reply # 550154 26-Nov-2011 05:14

codyc1515: What I'm getting at is that someone could go into a cafe, have their session jacked on an ordinary page, and send PMs as that user, without them knowing (most likely).

If you are going to use shared/public internet you would send all traffic over a VPN and use your home, work/work/hosts connection to avoid any man-in-the-middle session jacking for all sites.






codyc1515 (1599 posts, inactive user)
Reply # 550401 26-Nov-2011 19:44

Ragnor:
codyc1515: What I'm getting at is that someone could go into a cafe, have their session jacked on an ordinary page, and send PMs as that user, without them knowing (most likely).
If you are going to use shared/public internet you would send all traffic over a VPN and use your home, work/work/hosts connection to avoid any man-in-the-middle session jacking for all sites.

Not everybody knows this, though, and it's a waste of bandwidth.



freitasm (BDFL, Administrator, 43788 posts)
Reply # 550402 26-Nov-2011 19:45

In such case I doubt they would know or worry about session hijacking either...





10100111001 (3177 posts, Trusted, Subscriber)
Reply # 550404 26-Nov-2011 19:58

freitasm: In such case I doubt they would know or worry about session hijacking either...

LOL. +1





codyc1515 (1599 posts, inactive user)
Reply # 550408 26-Nov-2011 20:14

freitasm: In such case I doubt they would know or worry about session hijacking either...


In which case they should be protected, no?



freitasm (BDFL, Administrator, 43788 posts)
Reply # 550409 26-Nov-2011 20:15

Sure. Are you paying their subscription? Because I am sure they don't care enough to pay for one. 

As I said, it comes down to priorities, planning, costs. Should we just close the site because some people won't pay for a subscription, and having SSL means ads are going to be harder to deliver, just because some idiot may impersonate someone on a non-commerce site?






