FIXED Have GBAtemp use encryption

Discussion in 'Site Discussions & Suggestions' started by GH0, Aug 4, 2014.

  1. GH0
    OP

    GH0 Advanced Member

    Member
    88
    8
    Dec 26, 2008
    United States
    Is there any reason that gbatemp does not use any form of encryption (from what I can see, it isn't used during the login process either).

    If I could, could I request that ssl/tls/whatever encryption start being used on this site? There really shouldn't be any reason why it can't be enabled. It is definitely possible for a site and forum such as this one.
     
    soulx, Vipera and pelago like this.


  2. Cartmanuk

    Cartmanuk GBAtemp Advanced Fan

    Member
    707
    106
    Nov 20, 2010
    Well GBAtemp was hacked awhile back so I believe it is secure now.
     
  3. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    The Real Jdbye is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    12,112
    5,180
    Mar 17, 2010
    Norway
    Alola
    I agree. Not like my GBAtemp account has any private information stored on it, but there's no reason to not enable SSL these days when you can get a valid SSL certificate for free.

    Your post is contradictory and makes no sense.
     
    pelago likes this.
  4. GamerzHell9137

    GamerzHell9137 GBAtemp Psycho!

    Member
    3,829
    1,662
    Nov 1, 2011
    Bosnia and Herzegovina
    If its free then i support it, even if it wasn't it would be better with encryption.
     
  5. DinohScene

    DinohScene Capture the Dino

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    16,087
    12,612
    Oct 11, 2011
    Antarctica
    В небо
    Don't give out personal information on the web.
    Don't post personal information on the web.
    Don't keep personal information in places where others can reach it.

    If you don't trust a site, then don't register.
    Simple as that.
     
  6. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23,553
    9,378
    Nov 21, 2005
    The issue was considered before, I will try to find the thread in which it was discussed. The net result though was it was felt the increase in server load would not be worth the gains, which are pretty minimal in a site like this.
     
  7. migles

    migles Mei the sexiest bae

    Member
    6,899
    4,647
    Sep 19, 2013
    Saint Kitts and Nevis
    my dad works for nintendo.
    guests and everyone with an account can see the posts, what needs to be "secured"?

    login? use a random generated password (i just pressed "forgot password" button and got one generated)
    save it in the browser container (most secure place in the internet! :sarcasm: ) and there ya go
    someone stealed the account? what is in the account anyone can use?
     
  8. xxNathanxx

    xxNathanxx GBAtemp Regular

    Member
    289
    66
    Oct 28, 2011
    New Caledonia
    That has nothing to do with SSL. Please don't reply if you don't know what you are talking about.

    You too. Yes, you should use 'random'ly generated passwords, but I'd imagine not many people here (or anywhere) do that consistently.

    Is the increase in load that noticeable? If so I would suggest using it only for login and such, so no passwords can be stolen. Still, it would be nice to have the site fully encrypted.
     
    soulx likes this.
  9. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23,553
    9,378
    Nov 21, 2005
    There is a noticeable overhead (in terms of CPU and memory you can see it clearly enough in a task manager, though it is not a problem here if you couple that with some less than great IO performance like from a shared host then it is even more fun), especially if we have a lot of guests on the forum. Granted at the last time this was considered the servers were being pushed quite hard (Costello and tj_cool were always trying to optimise things at that point) as were those handling the server itself. Things are a tiny bit more relaxed these days but whether they will think it worth the effort I am not sure.

    I may well be talking out of my arse and will have to research the protocol but there is also the facebook login option, I imagine that is secured enough for those that wish for such things for the login side of things.

    On the other hand if google is really bumping up sites with SSL in the rankings it might be worth considering, especially as certs are now at money you can afford to lose territory.
     
  10. DinohScene

    DinohScene Capture the Dino

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    16,087
    12,612
    Oct 11, 2011
    Antarctica
    В небо
    You're not the boss of me.
     
    Riyaz likes this.
  11. ComeTurismO

    ComeTurismO CTO

    Member
    2,942
    5,586
    Sep 18, 2011
    Canada
    4:54 PM
    I love that comment.

    OP, it's useless. We never needed it, so indeed.
     
  12. xxNathanxx

    xxNathanxx GBAtemp Regular

    Member
    289
    66
    Oct 28, 2011
    New Caledonia
    Alright.

    If you should go for sitewide SSL, you could always choose to self sign (so it would be free) and just ask people to accept your certificate if they want a secure connection to the site. Of course that has downsides as well, but you could give it a try and if the demand is high enough you could get a paid certificate from a fancy CA that is for some reason accepted by default by most browsers.

    As for the Facebook login option, I'd imagine the 'asking for SSL' and the 'logging in through Facebook' groups are mutually exclusive.
     
  13. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23,553
    9,378
    Nov 21, 2005
    The facebook thing was more a means to an end (a way of having a secure login rather than a means to have a facebook version of remember my password).

    As for self signing I would not suggest it for this site, most modern browsers will freak out when they encounter them and most people do not want to read the errors. If it is a choice between having people get out of sites when errors pop up and having people learn to ignore them (I would love people to read and understand errors but we are not in magic fairy land) I am going with just get out. A nice example might be when we link up C3 each year (they use a self signed cert) and we typically get comments on it. I would have thought those interesting in C3 would be a fairly self selected group that is versed in basic security, if it happens there then those just wanting to read a guide on their new flash cart...
     
  14. xxNathanxx

    xxNathanxx GBAtemp Regular

    Member
    289
    66
    Oct 28, 2011
    New Caledonia
    Yeah, you're right.
     
  15. xxNathanxx

    xxNathanxx GBAtemp Regular

    Member
    289
    66
    Oct 28, 2011
    New Caledonia
    Thanks guys!
     
  16. Monty Kensicle

    Monty Kensicle Yay!

    Member
    1,156
    278
    Aug 4, 2008
    United States
    Commonwealth of Virginia
    But some days when your're desperate to find a file, you just have to register on the Russian web forum with the dubious file download links.

    That's why I use fake information with a dummy e-mail and virus scan everything I download.
     
  17. DinohScene

    DinohScene Capture the Dino

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    16,087
    12,612
    Oct 11, 2011
    Antarctica
    В небо
    Long live mailinator or onewaymail.
     
  18. Arras

    Arras GBAtemp Guru

    Member
    5,865
    2,682
    Sep 14, 2010
    Netherlands
  19. yodamerlin

    yodamerlin Bok bok.

    Member
    309
    162
    Apr 1, 2014
  20. DinohScene

    DinohScene Capture the Dino

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    16,087
    12,612
    Oct 11, 2011
    Antarctica
    В небо
    Guys guys guys.
    You know that's advertising don't you ;p