why akiba-online doesn't use https?
- Thread starter gendalf
- Start date
-
Akiba-Online is sponsored by FileJoker.
FileJoker is a required filehost for all new posts and content replies in the Direct Downloads subforums.
Failure to include FileJoker links for Direct Download posts will result in deletion of your posts or worse.
For more information see this thread.
uzzled:A real (not self generated) certificate requires money...
A self-signed cert is somewhat safe, but forgery is easy
Many people would click okay anyway if presented with a warning that the certificate had changed
Many hosts charge extra for supporting SSL.
Not sure what is used here, or what, but it's not always as easy as just pushing a button to enable it.
A self-signed cert is somewhat safe, but forgery is easy
Many people would click okay anyway if presented with a warning that the certificate had changed
Many hosts charge extra for supporting SSL.
Not sure what is used here, or what, but it's not always as easy as just pushing a button to enable it.
I was just listing possible reasons that there was no SSL support.
I've hosted, of course shared hosting, several small sites, and it was a pain to get a signed certificate so users wouldn't be threatened with bad things happening if they clicked ok for a self generated certificate. And the host always wanted more money for SSL (https) than a hosting package that doesn't include it.
I don't know what akiba-online runs on or anything, so it was more of a list of why someone may choose to not run their site in https.
I've hosted, of course shared hosting, several small sites, and it was a pain to get a signed certificate so users wouldn't be threatened with bad things happening if they clicked ok for a self generated certificate. And the host always wanted more money for SSL (https) than a hosting package that doesn't include it.
I don't know what akiba-online runs on or anything, so it was more of a list of why someone may choose to not run their site in https.
I did performance testing for a very large bank's branch network. Our auditors thought every page should be served through SSL. We saw a performance penalty for SSL that ranged from 5% to (rarely) 30%. This would have meant our buying additional servers with no perceived benefit, except of course avoiding a risk. At a bank, risk avoidance can be cost-justified: one breach can easily cost millions of whatever currency you like. In a setting like this, however, the benefit is not as obvious.
SSL is also a PITA to administer, for the various IT parties involved.
I, too, would like SSL, especially given the disclosures about NSA's capabilities. However, I can accept the current situation, especially given NSA's capabilities (penetrating SSL).
I'd be interested to hear the board administrators' response to the question, from a professional perspective as someone who's dealt a bit with SSL.
SSL is also a PITA to administer, for the various IT parties involved.
I, too, would like SSL, especially given the disclosures about NSA's capabilities. However, I can accept the current situation, especially given NSA's capabilities (penetrating SSL).
I'd be interested to hear the board administrators' response to the question, from a professional perspective as someone who's dealt a bit with SSL.
