EVE General Discussion

Forum Devs - are you aware of website running on https?

Author
Drokar Gazer
DISORDERLY CONDUCT.
#1 - 2011-09-11 20:08:06 UTC
i am not sure it is an issue nowadays, but back in the day, running an entire website on secure protocol is extremely expensive bandwidth. Typically sites only use SSL for login to mask user/password then revert back to non-secure unless you are logging into account management. As of right now, just logging into the EVE forums goes straight to HTTPS even if i am not logged in.

I just wanted to be sure this wasn't on accident with the new forums and CCP gets some huge bandwidth bill that causes NEX prices to skyrocket.... not that I buy nex or ever will, but just sayin...
Syn Fatelyng
Redanni
#2 - 2011-09-11 20:13:30 UTC
Consider that certain information on EVE Gate is sensitive, such as Corporation and Alliance EVE-mails that someone may check through the website. While the forum itself may not be as sensitive (for some), other areas pose an information security risk if left unencrypted.

EVE spies snooping on connections, wireless or not, is far from unheard of in this game.
Sarmatiko
#3 - 2011-09-11 20:23:22 UTC
I am not sure it is an issue nowadays, but back in the day, connecting to internet with my 36Kbit modem was damn expensive.
Downloading 5GB EVE client might be a problem back in the days in good ol` 2003.
Drokar Gazer
DISORDERLY CONDUCT.
#4 - 2011-09-11 20:27:17 UTC
Syn Fatelyng wrote:
Consider that certain information on EVE Gate is sensitive, such as Corporation and Alliance EVE-mails that someone may check through the website. While the forum itself may not be as sensitive (for some), other areas pose an information security risk if left unencrypted.

EVE spies snooping on connections, wireless or not, is far from unheard of in this game.


well that does make sense, but i was on https even when NOT logged in... that cant be cheap.
Nyio
Federal Navy Academy
Gallente Federation
#5 - 2011-09-11 20:42:11 UTC
This is the first website I've seen that runs https all the time, though it seems to work smooth (besides a few "We were ganked" messages now and then).

I'd think companies like CCP usually have a "fixed fee" for their server connections, rather than pay for amount of traffic, I could be wrong though. What?

Here is more on http vs. https for the interested.
Syn Fatelyng
Redanni
#6 - 2011-09-11 20:51:04 UTC  |  Edited by: Syn Fatelyng
Drokar Gazer wrote:
well that does make sense, but i was on https even when NOT logged in... that cant be cheap.
After a bit of digging it appears that a large portion of the EVE Online website is not SSL encrypted. See: http://www.eveonline.com/ and most of the content for the left-side menu.

What I will grant you is that anything related to EVE Gate or the Account section is SSL encrypted regardless of whether your browser is logged in or not. You're accurate that for those situations the bandwidth usage is increased but not as dramatic as you may think.

The majority of the additional overhead created by SSL is in the initial handshake where the magic happens and your browser and server create a "secret handshake" to identify one another with. After this handshake is created, however, the overhead is minimal since now you're already identified to one another.

Visualize this:

Quote:
Instructions: Replace the English letter 'e' with the English letter 'a'

I would tep that ess like the first of e mighty god.
The instructions are the bulk of your mental processing, because it has to be specific on instructions for the messages that follow. The messages that follow are now just part of an algorithm that's simple replacement.

So you see, the overhead is only significant on the initial connection and the remaining overhead most likely does not make a noticeable dent in CCPs bandwidth cost. [citation needed]


Way to spot the SSL situation, all the same, OP
Drokar Gazer
DISORDERLY CONDUCT.
#7 - 2011-09-11 21:27:36 UTC
Syn Fatelyng wrote:
Drokar Gazer wrote:
well that does make sense, but i was on https even when NOT logged in... that cant be cheap.
After a bit of digging it appears that a large portion of the EVE Online website is not SSL encrypted. See: http://www.eveonline.com/ and most of the content for the left-side menu.

What I will grant you is that anything related to EVE Gate or the Account section is SSL encrypted regardless of whether your browser is logged in or not. You're accurate that for those situations the bandwidth usage is increased but not as dramatic as you may think.

The majority of the additional overhead created by SSL is in the initial handshake where the magic happens and your browser and server create a "secret handshake" to identify one another with. After this handshake is created, however, the overhead is minimal since now you're already identified to one another.

Visualize this:

Quote:
Instructions: Replace the English letter 'e' with the English letter 'a'

I would tep that ess like the first of e mighty god.
The instructions are the bulk of your mental processing, because it has to be specific on instructions for the messages that follow. The messages that follow are now just part of an algorithm that's simple replacement.

So you see, the overhead is only significant on the initial connection and the remaining overhead most likely does not make a noticeable dent in CCPs bandwidth cost. [citation needed]


Way to spot the SSL situation, all the same, OP


good reply, i just wanted to be sure it was intentional, and didnt stick CCP with a massive bill. What you said makes sense though.
Crystal Liche
ACME Mineral and Gas
#8 - 2011-09-11 21:43:50 UTC
SSL is CPU intensive, not bandwidth, just sayin...
Commander Spurty
#9 - 2011-09-11 22:13:03 UTC
Crystal Liche wrote:
SSL is CPU intensive, not bandwidth, just sayin...



This, although XML has shot to fame as it compresses so damned well, but that's mixing oranges and bananas.

There are good ships,

And wood ships,

And ships that sail the sea

But the best ships are Spaceships

Built by CCP

kerradeph
Aliastra
Gallente Federation
#10 - 2011-09-12 01:32:00 UTC
Syn Fatelyng, you got it mostly right. the encrypted data is about the same size. but it also has a larger frame to hold the packet. and it has a hash of the unencrypted data.

in other words. picture shipping something, HTTP is shipping it with the packing label on the normal box of the item, and that's about it. HTTPS is shipping it inside a larger box with padding, and a picture of what's in the package.
there are other things that make HTTPS secure, but bear with me.
so with HTTP someone can just open the box and swap out what's in there so when it gets to you there's either nothing in there or something other than what you were asking for. with HTTPS it's secured in another box so it's harder for someone to get to your package, and there's the picture of what was sent so you can confirm that you get what was shipped.
but back to the original topic, picture a shipping truck, you can fit say 200 HTTP packages into the truck, but with the extra packaging, padding, and the picture you can only fit 180.

long story short, yes it does take more data, but it's somewhat ignorable considering the security benefit.

and nyio, any high availability high speed connection like the one eve has would not be a base fee, it's based directly on amount used. but compared to the data used by the eve servers, the forums would probably be nothing.
Blacksquirrel
Doomheim
#11 - 2011-09-12 01:40:24 UTC  |  Edited by: Blacksquirrel
It's considered poor form to log you in with https and then go back to http.

http://codebutler.com/firesheep

Yoink. That explains it all.

Use that in conjunction with wireshark in a high traffic wifi area. Even better the unencrypted public ones.
Bubbles Udan
Caldari Provisions
Caldari State
#12 - 2011-09-12 02:07:11 UTC
Are you seriously complaining that CCP secures the forums?

This isn't 1998, running an entire site with ssl is easy.
Talia Nachtigall
Deep Core Mining Inc.
Caldari State
#13 - 2011-09-12 07:01:54 UTC  |  Edited by: Talia Nachtigall
Drokar Gazer wrote:
i am not sure it is an issue nowadays, but back in the day, running an entire website on secure protocol is extremely expensive bandwidth. Typically sites only use SSL for login to mask user/password then revert back to non-secure unless you are logging into account management. As of right now, just logging into the EVE forums goes straight to HTTPS even if i am not logged in.

I just wanted to be sure this wasn't on accident with the new forums and CCP gets some huge bandwidth bill that causes NEX prices to skyrocket.... not that I buy nex or ever will, but just sayin...


I'm going to chime in here because I do have some knowledge on the subject. I personally run a forum & blog with SSL active the entire time. I do this because I believe in anonymity, privacy, and security. Believe it or not - a moderate estimate would be $800.00 annually for an SSL certificate. I myself pay roughly $400.00/yr through Comodo. I do truly wish every website was forced to use HTTPS to be honest.

That said - I've seen more and more websites begin adapting to this. EFF.org for example was the pioneer and openly believes that every website should be running HTTPS in the future. I subscribe to this belief. The times - they're a changing. I'd like to quote something that was posted back in October of 2010 by a blogger I respect:

Quote:
The bigger change that must also be made is for all vendors of web services to switch their connections over to using the SSL/TLS protocol exclusively. Only inertia and laziness has prevented this from being done long ago. It is my hope that the appearance of a tool as popular and easy-to-use as Firesheep will provide the incentive that has been missing for so long. The mischief it will cause should cause end users to demand this enhanced security from their web service vendors.

Even when a user is not in the process of logging on, they have a reasonable expectation that their interactions with a remote server will be relatively private, not literally broadcast to anyone with an antenna … like a passing Google mapping car. And when those interactions contain the user’s logged on state cookies, as they must for the user to be recognized as currently logged on, a user’s unencrypted session becomes readily hijackable and hackable, making the situation even worse. {Entire Article}



Edit: I will however criticize CCP for only using 128-bit encryption on their SSL certificate. They should be using 256 bit SSL encryption. Both are extremely effective however.

Don't pray for my soul. ;)
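
Added example (not part of any post in this thread): posts #11 and #13 describe sites that log users in over HTTPS and then fall back to HTTP, leaving the logged-on cookie readable on the wire. The Python sketch below audits a recorded login flow for that pattern; the host `forum.example`, the cookie names and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: (request URL, status, [(header, value)]) for a login
# flow on a hypothetical site that drops back to HTTP after login.
SAMPLE_FLOW = [
    ("https://forum.example/login", 302, [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "theme=dark; Path=/; Secure"),
        ("Location", "http://forum.example/index"),
    ]),
    ("https://forum.example/account", 200, [
        ("Set-Cookie", "csrf=xyz; Path=/; Secure; HttpOnly"),
        ("Strict-Transport-Security", "max-age=31536000"),
    ]),
]

def cookie_attrs(set_cookie):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *rest = [p.strip() for p in set_cookie.split(";")]
    name = first.split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in rest if p}

def audit_flow(flow):
    """List (url, issue) pairs that leave a session readable on the wire."""
    findings = []
    for url, status, headers in flow:
        if urlsplit(url).scheme != "https":
            findings.append((url, "page served over plain HTTP"))
            continue
        names = {h.lower() for h, _ in headers}
        if "strict-transport-security" not in names:
            findings.append((url, "no HSTS header"))
        for header, value in headers:
            h = header.lower()
            if h == "set-cookie":
                name, attrs = cookie_attrs(value)
                # Without Secure the browser also sends the cookie over HTTP.
                if "secure" not in attrs:
                    findings.append((url, f"cookie '{name}' lacks Secure"))
            elif h == "location" and 300 <= status < 400:
                if urlsplit(value).scheme == "http":
                    findings.append((url, "redirects from HTTPS to HTTP"))
    return findings

if __name__ == "__main__":
    for url, issue in audit_flow(SAMPLE_FLOW):
        print(f"{url}: {issue}")
```
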

Din'stalor Alaric
The Congregation
Same Great Taste
#14 - 2011-09-12 07:24:40 UTC
Troll ?

Only after reading this thread twice i found no reference to internet spaceships, goon scams or 'help im stuck in a wormhole'.

Why dont we stop worrying about the new forums, which work, and get back to what eve is about, the spaceships.

Solo 4 Life.1v1 always honored, flying without booster alt since Oct 2010. No ransoms honored even if offered :)

Talia Nachtigall
Deep Core Mining Inc.
Caldari State
#15 - 2011-09-12 07:27:09 UTC
Din'stalor Alaric wrote:
Troll ?

Only after reading this thread twice i found no reference to internet spaceships, goon scams or 'help im stuck in a wormhole'.

Why dont we stop worrying about the new forums, which work, and get back to what eve is about, the spaceships.



I'll admit this topic is in the wrong forum however it was a legitimate question. If you don't have anything meaningful to contribute to the topic - why bother posting? People like you destroy good discussions. Please go pod yourself or let me know your current where-a-bouts so I can help. Twisted

Don't pray for my soul. ;)

Lana Torrin
Friends of Tristan
#16 - 2011-09-12 07:33:03 UTC
Crystal Liche wrote:
SSL is CPU intensive, not bandwidth, just sayin...


Seeing as you don't know how things work I will explain WHY HTTPS is bandwidth expensive.. Caching... You can NOT cache HTTPS in any way. Despite what you think, your ISP will be caching at the very least images (even if they say they aren't) from normal browsing and this reduces server side bandwidth a hell of a lot. Anything transferred over HTTPS can not be intercepted and cached because that breaks HTTPS and so every time you visit the site the static images must be downloaded again. In addition, of probably hundreds of thousands of people there is a good chance a few of them will want to download the SAME images (which is why caching at the ISP end is good) but because of HTTPS they have to individually download the images.

At CCPs end the bandwidth must be derpy huge and is more than likely the reason these boards are running like a pile of poo.
Tallian Saotome
Nuclear Arms Exchange Inc.
#17 - 2011-09-12 07:35:26 UTC
Din'stalor Alaric wrote:
Troll ?

Only after reading this thread twice i found no reference to internet spaceships, goon scams or 'help im stuck in a wormhole'.

Why dont we stop worrying about the new forums, which work, and get back to what eve is about, the spaceships.


We will when CCP does Shocked

Inappropriate signature removed, CCP Phantom.

Din'stalor Alaric
The Congregation
Same Great Taste
#18 - 2011-09-12 07:45:30 UTC
Tallian Saotome wrote:
Din'stalor Alaric wrote:
Troll ?

Only after reading this thread twice i found no reference to internet spaceships, goon scams or 'help im stuck in a wormhole'.

Why dont we stop worrying about the new forums, which work, and get back to what eve is about, the spaceships.


We will when CCP does Shocked


Inevitable comeback. Come back with something original or please move along.

Solo 4 Life.1v1 always honored, flying without booster alt since Oct 2010. No ransoms honored even if offered :)

Grimpak
Manufactorum.
#19 - 2011-09-12 07:45:36 UTC
Spurty wrote:
Crystal Liche wrote:
SSL is CPU intensive, not bandwidth, just sayin...



This, although XML has shot to fame as it compresses so damned well, but that's mixing oranges and bananas.




hey, oranges and bananas mix well.P


[quote]The more I know about humans, the more I love animals.[/quote] ain't that right

Aethlyn
Brutor Tribe
Minmatar Republic
#20 - 2011-09-12 08:31:09 UTC
Lana Torrin wrote:
Crystal Liche wrote:
SSL is CPU intensive, not bandwidth, just sayin...


Seeing as you don't know how things work I will explain WHY HTTPS is bandwidth expensive.. Caching... You can NOT cache HTTPS in any way. Despite what you think, your ISP will be caching at the very least images (even if they say they aren't) from normal browsing and this reduces server side bandwidth a hell of a lot. Anything transferred over HTTPS can not be intercepted and cached because that breaks HTTPS and so every time you visit the site the static images must be downloaded again. In addition, of probably hundreds of thousands of people there is a good chance a few of them will want to download the SAME images (which is why caching at the ISP end is good) but because of HTTPS they have to individually download the images.

At CCPs end the bandwidth must be derpy huge and is more than likely the reason these boards are running like a pile of poo.

Not 100% true cause the other end (i.e. the client/browser showing the forums) may cache the data received. Sure, it's a security risk, but it's not like it's impossible or there aren't any options to do so (e.g. IE has a specific setting to allow/disallow this). And even then, it could still be cached in memory (which has to happen anyway for a limited time).

Looking for more thoughts? Follow me on Twitter.
