If anyone wants more info on the Board upgrades we did the other night...

Good stuff!! Way to Go, Alex!
 
Cool - I didn't know you guys had a blog. That is very interesting. (I'm a tech-geek wannabe). ha

Thanks for all you do!!

Angie
 

Great job Alex. :thumbsup2 I have no idea what it means but I think you're Awesome!!! :thumbsup2
 
I just posted an article on http://www.distechtalk.com/

Alex, first off Hi, and thanks for all you must do for the boards. Second, really neat blog, even if I understand only about 10% of it.

Loved the one about the Tag Fairy, I never noticed they were different, but now that I think about it, they are. Neat little touch that you do...
 
I am man enough to admit that excited me a little! :banana::banana:
 
I had no idea there was a DIS Tech blog...it's like Christmas came early. :banana:

I was wondering where the proper place would be to make a technical request for the boards. I'll post it here and if there is somewhere better I'll post it there.

Is there any way you guys can get an ssl certificate and mirror the login/landing page as an ssl page? I only ask because when I am at a hotel or another hotspot and don't have my laptop with VPN access I am reluctant to go to a page in the clear and enter my password.

Moxie Marlinspike's presentation at the Black Hat conference exposed some weaknesses in collecting data on a non-ssl page and then passing it to the server through a form initiated ssl connection.

If you could provide a login page located at https://disboards.com just for the log in and then redirect back to the http page it would make security conscious (some would say paranoid) people like me much happier. Even if it requires directly typing the entire url including the resource type so the default login is in the clear it would be a step up in security. This is how Facebook handles secure logins.
 
Wow didn't even know this existed - cheers for the link Alex.

The article about the hardware you run on was a great read!
Verio has some serious high speed connections.

Frank - good idea about using a secure connection to login.
If the new Dis app has a built in Disboards browser and you login to that using an unsecured connection, would it also be subject to the same issue?
 
I had no idea there was a DIS Tech blog...it's like Christmas came early. :banana:

I was wondering where the proper place would be to make a technical request for the boards. I'll post it here and if there is somewhere better I'll post it there.

Is there any way you guys can get an ssl certificate and mirror the login/landing page as an ssl page? I only ask because when I am at a hotel or another hotspot and don't have my laptop with VPN access I am reluctant to go to a page in the clear and enter my password.

Moxie Marlinspike's presentation at the Black Hat conference exposed some weaknesses in collecting data on a non-ssl page and then passing it to the server through a form initiated ssl connection.

If you could provide a login page located at https://disboards.com just for the log in and then redirect back to the http page it would make security conscious (some would say paranoid) people like me much happier. Even if it requires directly typing the entire url including the resource type so the default login is in the clear it would be a step up in security. This is how Facebook handles secure logins.

:cough: nerd :cough: :rolleyes1
 
If the new Dis app has a built in Disboards browser and you login to that using an unsecured connection, would it also be subject to the same issue?

I imagine some of the same vulnerabilities would exist in an app but can't say for certain because I am not an app developer. It would be much easier to do on a WiFi connection than the cellular network but considering the encryption of GSM has been broken for years even that isn't impossible. Without getting into ARP-spoofing and how a man-in-the-middle can make themselves a proxy I would say the safest bet security-wise is to make any login page a direct ssl connection to the server.

While in a perfect world all web surfing could be done via ssl it would mean nothing could be cached locally and that would make surfing impractical. A reasonable compromise I think is to use an ssl connection with a server for all login functionality and only stay ssl if you are an e-commerce or financial site. The majority of the web really has to be done in the open to make it work the way it is currently designed.
 
Oy, now I can geek out about how the DIS runs... :)

I like the CX4s in general. They perform pretty well. I hate losing 5 disks to the "vault" storage for the OS though. I wonder if they've fixed that...

Is it a single MySQL instance, or are you replicating?
 
I didn't know there was such a place... awesome.
Nice job, Alex!
 
Not reading it because I know from experience that I won't understand it, but am grateful for the hard work you do.

Now, can we talk about rearranging the smilies, please? ;)
 
Oy, now I can geek out about how the DIS runs... :)

I like the CX4s in general. They perform pretty well. I hate losing 5 disks to the "vault" storage for the OS though. I wonder if they've fixed that...

Is it a single MySQL instance, or are you replicating?

Just a single instance. I was replicating for a bit but there wasn't much advantage. We are tuned for speed, not transactional safety; we get a full backup every night, and if we lost a few hours of posts it would stink but it wouldn't be the end of the world.

I had no idea there was a DIS Tech blog...it's like Christmas came early. :banana:

I was wondering where the proper place would be to make a technical request for the boards. I'll post it here and if there is somewhere better I'll post it there.

Is there any way you guys can get an ssl certificate and mirror the login/landing page as an ssl page? I only ask because when I am at a hotel or another hotspot and don't have my laptop with VPN access I am reluctant to go to a page in the clear and enter my password.

Well, there is a request I have never heard before! I can see the merit in the idea but I'll have to look into what would really be involved. It's a little more complicated because of the load balancer, etc., but we do it on the static site.

I guess I should update the tech blog a bit more often :)
 










