ADISC via HTTPS (SSL Encryption)

Status
Not open for further replies.

Sila

Est. Contributor
Messages
378
Role
  1. Babyfur
  2. Other
Found an interesting glitch, let's see if I can explain it well enough.

I have a roleplay thread bookmarked in HTTP. (seen here:http://s35.photobucket.com/albums/d166/Sila-chan/?action=view&current=glitch1-1.jpg )

When I click it, it sometimes sends me into using a different theme and sends me into using https. I couldn't get a screenie of it this time since I already manually changed the theme using the bottom drop down. Edit: to clarify, I use the Ungu theme and it sometimes switches me to using dark_vb.

Also, some links send me into using https rather than just http. https takes longer to load, and I don't have anything to worry about being seen or not, so I have no use for it myself. Example:
http://s35.photobucket.com/albums/d166/Sila-chan/?action=view&current=glitch2-1.jpg
Also does the same for every link in the page itself, I hovered over them all and they all show https at the bottom.

Was the latter part intentional or is that a glitch? XD hope i helped a bit, bug me on IRC if you need a better explanation- I'm always there. xD
 
Last edited:

Nam Repaid

Est. Contributor
Messages
2,629
Role
  1. Diaper Lover
Ugh! Ive been unable to acess anything other than the old forum page for days now. (ADISC - Powered by our will to be young again) if I click on any links the page just jammed during loading and I had to close my browser. My cellphone works fine but I could get no info to help from here. Finally I ran windows update and after reboot I back!

A tip for any other locked out win98 users.

Nam
 

Moo

ADISC Admin
Staff
Messages
5,770
Role
  1. Private
Does HTTPS actually take noticibly longer to load?

All links now default to it, so if you use an old HTTPs bookmark, it should migrate you over to HTTPS... though this should not affect the theme you're using.
 

EmmEmmThree

Est. Contributor
Messages
1,799
Role
  1. Babyfur
  2. Little
  3. Carer
Does HTTPS actually take noticibly longer to load?
Only during initial visit to the homepa-- actually, that's because my bookmark is set to http:// not https:// Changed it to https:// , now I can't even tell a difference.
 

Sila

Est. Contributor
Messages
378
Role
  1. Babyfur
  2. Other
Does HTTPS actually take noticibly longer to load?

All links now default to it, so if you use an old HTTPs bookmark, it should migrate you over to HTTPS... though this should not affect the theme you're using.

I dont have a very fast connection, so the initial load time takes a little bit longer (the images show up as text first, then load as images, for example). It's not horribly annoying to where I'd throw a fit over it, it's just something that gets in the way when I'm trying to quickly scroll past somethin' xD. not a big deal overall.

ty moo ^-^
 

Hex

Est. Contributor
Messages
1,215
Role
  1. Adult Baby
  2. Diaper Lover
  3. Babyfur
  4. Sissy
Does HTTPS actually take noticibly longer to load?
[font="Calibri,Arial"]On my iPod touch, yes. Significantly more. That might just be a flaw in Mobile Safari's SSL handling, however.

On my PC, it is fine.[/font]
 

mizzycub

Est. Contributor
Messages
1,615
Role
  1. Adult Baby
  2. Diaper Lover
  3. Babyfur
I'm still not loading the top 10 windows even though you said it was fixed. However, I haven't noticed https being any slower than http was.
 

Moo

ADISC Admin
Staff
Messages
5,770
Role
  1. Private
That happens when someone uses 'IMG' tags in their post.

Fetching the attached image from an external (non-SSL) URL causes the page to be deemed 'insecure' and hence warnings are generated.

I'm likely going to disable the 'IMG' tag and just let people upload images as attachments instead.
 

Dude84

Banned
Messages
408
Role
  1. Adult Baby
That happens when someone uses 'IMG' tags in their post.

Fetching the attached image from an external (non-SSL) URL causes the page to be deemed 'insecure' and hence warnings are generated.

I'm likely going to disable the 'IMG' tag and just let people upload images as attachments instead.

Whilst I appreciate the logic behind that, it may cause problems with regard to arbitrary file size or format restrictions, particularly for larger images.
 

dangermouse

Est. Contributor
Messages
376
Role
  1. Diaper Lover
But there is no way of telling who you are (what is your username) and what you post and what pages you are looking at.
Should be stressed that under the public forums, all the posts are available to unregistered users and indeed even Google.

HTTPS will keep your personal session private and encrypted however so the content of what you are doing is not visible to anyone who cared to snoop. It may seem unlikely but remember this can include your ISP as a huge amount of them use proxies on unencrypted web traffic. Then you have web cafes and schools/colleges/universities and even places of work who may be actively watching the content.

If you are concerned about privacy, don't use a username that can identify you to the outside word, and don't post anything else that can identify you. Then, what's available publicly is not an issue.

P.S. Worth using the privacy modes now appearing in some browsers (Google Chrome for example, and I think IE has one now?). That ensures your session isn't stored on the PC you are using.
 

Hex

Est. Contributor
Messages
1,215
Role
  1. Adult Baby
  2. Diaper Lover
  3. Babyfur
  4. Sissy
That happens when someone uses 'IMG' tags in their post.

Fetching the attached image from an external (non-SSL) URL causes the page to be deemed 'insecure' and hence warnings are generated.

I'm likely going to disable the 'IMG' tag and just let people upload images as attachments instead.

[font="Calibri,Arial"]Please don't disable IMG tags. Nobody ever asked for SSL before, so breaking something people do use (IMG tags) for something that most people don't even care about (SSL) is a horrible idea.[/font]
 

Charlie

Est. Contributor
Messages
3,448
Role
  1. Adult Baby
  2. Diaper Lover
  3. Sissy
  4. Carer
  5. Other
Ditto, IMG tags are pretty important IMO.
Attaching images is way more hassle.
 

Martin

Est. Contributor
Messages
3,833
Role
  1. Adult Baby
  2. Diaper Lover
  3. Little
Disabling IMG tags would also make all old posts with images broken.

Please don't remove img tags.

If you really want everything to go through your server then do something like you did with the skype icons.
 

recovery

Est. Contributor
Messages
1,234
Role
  1. Other
HTTPS will keep your personal session private and encrypted however so the content of what you are doing is not visible to anyone who cared to snoop. It may seem unlikely but remember this can include your ISP as a huge amount of them use proxies on unencrypted web traffic. Then you have web cafes and schools/colleges/universities and even places of work who may be actively watching the content.

I guess I wasn't clear, admittingly, I was only to point out the only advantage of SSL is that if parents or other networks are trying to monitor people's activity. It would and wouldn't work. Most routers these days have an option of logging URLs people go on. But even then, the URLs are encrypted. But not the DNS request or the IP, due to the nature of the system. In those cases use a SSL proxy of some kind. Or some TOR network. But you're right.


As for the Image tag. I was going to suggest to take it. It does ruin the integrity of using SSL. And people would only just not realise what is happening or just ignore all the warning messages which 90% of the web users do. They just want to see the images. Not care about whether some one can snoop on them.

The only time I will support SSL is if we have to identify ourselves with our own certificate/key. (It's possible folks!) But that won't be ideal in the sense that most users won't know what to do (having not expereinced it before), and ruin portability, in the sense that you can't hope on another machine and log in, unless you have the special file.


I would advise against 'proxying'/relaying the data. Simply because Its more risks and nuisance for Adisc. Skype icons may of been feasible in the sense, the site is trusted and the images are of little size. I like to monitor what web page connects me to what. If the site is going to cheat and proxy things, it's putting itself and the users at a needless risk.

As attachments as an alternative? I would prefer if we kept the IMG tag, but it only worked internally, say linking to images into your profile images. But in all cases, it's most likely going to end up as some dirty hack Moo has to write up. The attachment method is the least work required for it to work AFAIK.
 

Moo

ADISC Admin
Staff
Messages
5,770
Role
  1. Private
OK, here's an update as to the status of SSL:

  1. SSL is now disabled by default, because a few people were unable to connect while SSL was the default.
  2. You can now turn SSL on, if you wish, via the link in the top-right hand corner of each page. This will last for the rest of your current session. Once I have ironed out a few more bugs, I'll include an option to make it permanent.
  3. "" tags will continue working as normal for people not using HTTPS. For those people using HTTPS, they will be turned into clickable links. That way, they don't break HTTPS, but people not using HTTPS will not notice any difference.
    [*]Currently, [B]SSL does not work for the gallery or wiki[/B]. I'm looking at fixing this.
    [/LIST]
 

ade

Est. Contributor
Messages
4,593
Role
  1. Other
too much java-junk in my opinion. it'll become as user-unfriendly as ebay, photobucket, msn, etc, etc.
what's wrong with clean and simple; something that works without pointless gimmickry?
 

Dude84

Banned
Messages
408
Role
  1. Adult Baby
too much java-junk in my opinion. it'll become as user-unfriendly as ebay, photobucket, msn, etc, etc.
what's wrong with clean and simple; something that works without pointless gimmickry?

Agreed, completely.
 
Status
Not open for further replies.
Top