how 'bout logging in securely?

jhu

I have a lot of sensitive, top-secret info in my private message box.
 

aphex

Originally posted by: jhu
I have a lot of sensitive, top-secret info in my private message box.

Well, most of us don't, so I don't see it happening :D
 

n0cmonkey

Originally posted by: Paulson
that'd require an ssl subscription or something wouldn't it?

that'd cost more money I think...

self signing is free. I did it.
 

narzy

It would cost a security certificate; also, SSL puts a tremendous load on a server outside of normal web traffic. Think about it simply for a second: a web server has to sort and "packetize" traffic anyway, and this is a quick process. With SSL, and especially with what you're suggesting, you would have to secure not only the login process but everything beyond that as well to secure your PMs. With SSL it's now standard 128-bit encryption. Sure, servers encrypt the packets quickly on ONE connection at a time; stack that with the 600 other people who are logged in and you have a serious bottleneck, backlog, lagging server issue.

AKA

not gonna happen,

not worth the time.
 

Azraele

If the information is that "top secret" and important, I'd recommend backing it up elsewhere rather than storing it in your pm box (if you're that concerned).
 

GoodRevrnd

Now I know whose account to h4x0r! :D
 

n0cmonkey

Like I said, security certs cost $0 USD. I don't think encrypting the traffic would put that much of a strain on the servers. I doubt the webservers are all that loaded right now (I could be wrong). Plus, I'd help spring for a couple of hardware-based encryption boards. They're cheap and pretty useful (keep meaning to pick a couple up myself...).

I don't think it will happen, although secure login would be *great*, but it's not such a tough idea.
 

Jason Clark

n0c, actually SSL puts a lot of load on traffic; encryption takes time. With the kind of load we're under here it won't happen, and besides, this is not a private vault for people to store private info.

Thanks.
 

n0cmonkey

Originally posted by: Zuni
n0c, actually SSL puts a lot of load on traffic; encryption takes time. With the kind of load we're under here it won't happen, and besides, this is not a private vault for people to store private info.

Thanks.

Eh, so I was wrong. It's those ATOTers I tell ya! :p
 

tgillitzr

Originally posted by: n0cmonkey
Originally posted by: Zuni
n0c, actually SSL puts a lot of load on traffic; encryption takes time. With the kind of load we're under here it won't happen, and besides, this is not a private vault for people to store private info.

Thanks.

Eh, so I was wrong. It's those ATOTers I tell ya! :p

How about just doing it for subscribers?
 

CTho9305

You also have to consider that right now, you can't assume your data IS secure, so in the event of the breach, it will obviously not be AT's problem that your secret data is out. If, however, everything is encrypted, someone might try to hold them responsible for a loss of private data, which would obviously be a bad thing.
 

sash1

How about only allowing one IP on at once?

I mean, I can be logged on on my computer, the rents' computer, my laptop, and be logged on while I am at school all at the same time. It would be better if only one IP was allowed to be logged on to the same account.

Would this be hard, Zuni?

~Aunix
 

ProviaFan

Originally posted by: AunixM3
How about only allowing one IP on at once?

I mean, I can be logged on on my computer, the rents' computer, my laptop, and be logged on while I am at school all at the same time. It would be better if only one IP was allowed to be logged on to the same account.

Would this be hard, Zuni?

~Aunix

I can't see why that would be a good idea. If you only allowed a particular user to be logged on from one computer by some method, that would suck for those of us who have more than one computer and have each one set up to retain cookies so we're logged in "all the time".
 

bsobel

I have a lot of sensitive, top-secret info in my private message box.

You need to be concerned with the security of the backend, not with your data in transit. SSL is like asking to use an armored car to move funds between homeless people on two different park benches. While armored cars have their places, it's best to beef up security at the park benches first ;)

self signing is free. I did it.

Free and useless. It doesn't really solve a problem. Data in transit on the wire is not the weakness on the broad internet. Stealing a quote from Bruce, "This means that you are using SSL to establish a secure channel with a random person. Imagine you are sitting in a lightless room with a stranger. You know that your conversation cannot be eavesdropped on. What secrets are you going to tell the stranger? Nothing, because you have no idea who he is. SSL is kind of like that." With self signing you have no way to authenticate the remote server is who he said he is, and if someone does spoof DNS or perform another misdirection attack you have no way to detect it.

Bill


 

n0cmonkey

Originally posted by: bsobel

self signing is free. I did it.

Free and useless. It doesn't really solve a problem. Data in transit on the wire is not the weakness on the broad internet. Stealing a quote from Bruce, "This means that you are using SSL to establish a secure channel with a random person. Imagine you are sitting in a lightless room with a stranger. You know that your conversation cannot be eavesdropped on. What secrets are you going to tell the stranger? Nothing, because you have no idea who he is. SSL is kind of like that." With self signing you have no way to authenticate the remote server is who he said he is, and if someone does spoof DNS or perform another misdirection attack you have no way to detect it.

Bill

It's not useless at all. But I now agree with your point. I've thought about the authentication vs. encryption thing quite a bit lately. My method covers encryption (what I am concerned with on my setup), but not authentication and trust. Of course, you can't trust VeriSign, which owns most of the 3rd party verification companies anyhow...
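
The encryption-versus-authentication point from bsobel's and n0cmonkey's last posts, as an added example that is not part of the original thread: two self-signed certificates claiming the same name are indistinguishable by name and neither is vouched for by a CA, so only a fingerprint recorded out of band lets a client notice a swap. The host name forum.example and all file names are assumptions made for the illustration; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added illustration. forum.example and every file name here are constructed.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Mint a throwaway self-signed certificate; no third party vouches for it.
make_cert() {  # $1 = file prefix, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# The name the certificate claims for itself.
subject() { openssl x509 -in "$1" -noout -subject; }

# SHA-256 fingerprint: the value a client can record out of band and pin.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Does the default CA store vouch for this certificate?
ca_verified() {
    if openssl verify "$1" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# Compare a presented certificate with the pinned fingerprint.
pin_check() {  # $1 = pinned fingerprint, $2 = presented certificate
    if [ -n "$1" ] && [ "$(fingerprint "$2")" = "$1" ]; then
        echo match
    else
        echo mismatch
    fi
}

make_cert real forum.example    # the operator's own certificate
make_cert other forum.example   # an unrelated key claiming the same name
pinned=$(fingerprint "$work/real.crt")

echo "claimed name, real : $(subject "$work/real.crt")"
echo "claimed name, other: $(subject "$work/other.crt")"
echo "CA check, real     : $(ca_verified "$work/real.crt")"
echo "CA check, other    : $(ca_verified "$work/other.crt")"
echo "pin check, real    : $(pin_check "$pinned" "$work/real.crt")"
echo "pin check, other   : $(pin_check "$pinned" "$work/other.crt")"
```

Both certificates encrypt the channel equally well; the pin check is the only step here that says anything about who is on the other end.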