Suggestion: All good trackers must use secure ssl certificates!
After what happened with Oink, I think all good trackers should implement Secure Sockets Layer (SSL via HTTPS). It will be more secure because the login system will be encrypted via their own certificate. RTSv2 has already done that. Won't it be more secure for users? Is there any negativity with the SSL protocol? Suggestions please.
Re: Suggestion: All good trackers must use secure ssl certificates!
It encrypts traffic between the user and the server, nothing else.
Re: Suggestion: All good trackers must use secure ssl certificates!
Quote: Originally Posted by Fibre
It encrypts traffic between the user and the server, nothing else.
Exactly. It would still be just as easy for a baddie to sign up or get an invite and have access to the site.
Re: Suggestion: All good trackers must use secure ssl certificates!
What makes you think an SSL can save a site?? :blink:
It just makes a site secure from a sniffing attack...
Re: Suggestion: All good trackers must use secure ssl certificates!
As for "negativity", it can cripple your server. SSL requests take a lot more processing than plain text requests.
BTW, I wouldn't take the fact that RTS introduced SSL as any sign of security. They did after all have a leaky database which is something no SSL will protect against.
Re: Suggestion: All good trackers must use secure ssl certificates!
So there is no real point for SSL then... I mean you can still get attacks and a leaky database even with SSL.
Re: Suggestion: All good trackers must use secure ssl certificates!
Actually sites need to do four things:
1. Protect their servers - rent them in countries where it is difficult for authorities to confiscate them.
2. Protect identities of the site owner - use some kind of anonymous companies to rent servers. A one-day company used for tax reduction schemes and other borderline legal activities costs around $500 where I live.
3. Protect their users - have everything encrypted so only undercover work can harm users. Although some countries (e.g. UK) are starting to implement laws that allow sending people to jail for not disclosing an encryption key. AFAIK, it's only limited to organised crime and terrorism cases but who knows what's next.
4. A disaster recovery plan. Safely hidden backups of everything needed to run the site.
Also I think it's not the best idea to store donations at PayPal. I heard PayPal closes accounts without a second thought.
Re: Suggestion: All good trackers must use secure ssl certificates!
Quote: Originally Posted by AugustoP
Actually sites need to do four things:
1. Protect their servers - rent them in countries where it is difficult for authorities to confiscate them.
2. Protect identities of the site owner - use some kind of anonymous companies to rent servers. A one-day company used for tax reduction schemes and other borderline legal activities costs around $500 where I live.
3. Protect their users - have everything encrypted so only undercover work can harm users. Although some countries (e.g. UK) are starting to implement laws that allow sending people to jail for not disclosing an encryption key. AFAIK, it's only limited to organised crime and terrorism cases but who knows what's next.
4. A disaster recovery plan. Safely hidden backups of everything needed to run the site.
Also I think it's not the best idea to store donations at PayPal. I heard PayPal closes accounts without a second thought.
Most of the things you mentioned are good points.
And yes some countries in Europe even have laws against using too high an encryption algorithm as well. For instance I believe a few years ago you could get in trouble for using more than 128-bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)
The SSL in itself doesn't really do much or protect much. It's kinda pointless; other than having the tracker's www running off a different port, which helps when being DDoSed, there isn't much else it really does.
Quote: Originally Posted by sovaz
So there is no real point for SSL then... I mean you can still get attacks and a leaky database even with SSL.
Exactly.
Re: Suggestion: All good trackers must use secure ssl certificates!
Quote: Originally Posted by Melvinmeow
And yes some countries in Europe even have laws against using too high an encryption algorithm as well. For instance I believe a few years ago you could get in trouble for using more than 128-bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)
Yep, having an encryption higher than 128-bit is illegal in a lot of countries. But either way you have to supply them with the encryption key if asked.
But if it were my server I would have 1 key that unlocks and 1 key that destroys the HDD. So basically if it's raided, and you were detained and asked for the key, give 'em the wrong one ;)
Re: Suggestion: All good trackers must use secure ssl certificates!
Quote: Originally Posted by darkness
Quote: Originally Posted by Melvinmeow
And yes some countries in Europe even have laws against using too high an encryption algorithm as well. For instance I believe a few years ago you could get in trouble for using more than 128-bit encryption. (Could be wrong but it was somewhere around that figure in Spain.)
Yep, having an encryption higher than 128-bit is illegal in a lot of countries. But either way you have to supply them with the encryption key if asked.
But if it were my server I would have 1 key that unlocks and 1 key that destroys the HDD. So basically if it's raided, and you were detained and asked for the key, give 'em the wrong one ;)
AFAIK encryption and the right to not testify against yourself is still a gray area. It's even more difficult with the international nature of the internet. Anyway, don't think someone could get away with destruction of evidence. The person who'll give police the key to destroy the data will end up in jail for sure. Not to mention the technical problems with this scenario.
Here's the article about the UK government proposition on encryption: http://news.zdnet.co.uk/security/0,1...9269746,00.htm