If anyone wants more info on the Board upgrades we did the other night...

  • Thread starter: WebmasterAlex
Well, there is a request I have never heard before! I can see the merit in the idea but I'll have to look into what would really be involved. It's a little more complicated because of the load balancer, etc., but we do it on the static site.

I guess I should update the tech blog a bit more often :)

Hey, I'm always curious about these things...I run systems like these myself (load balancing, replication, etc.)

Load balancing SSL is a big pain, especially with authenticated sessions. If it was only done for the authentication itself it may not be an issue, depending on what information is stored in the cookies.

But, since the cookies bear the authentication info after the initial password exchange, if you don't use SSL from login forward then your account is for the most part just as susceptible if you aren't careful.
 
Our load balancer does "sticky sessions" so it's not insurmountable. I did a bit of reading and the bigger issue is the vBulletin software; I have seen a few statements that it either has to be all http or all https.
 
That's what I figured would be the limitation.
 

Great to see the work that you do Alex getting the appreciation it deserves :thumbsup2
 
Huh, I never thought of the load balancing affecting the use of ssl. I have never had to deal with distributing an ssl session so you have me there.

I could see not having the login page default to ssl and forcing the manual typing of the address with the https:// manually appended. Maybe at that point the ptr record would direct to one of the sites and not the other replications. The software you use to replicate may have a way of forcing traffic to a specific site for ssl. I haven't looked into the logistics of that, it was more just thinking out loud. I imagine it would not be a highly used feature so I don't think the load balancing would be overly affected but working in I.T. for a financial institution makes me think of these things.

I also see the merits of staying https if it were a site where financial information or other high value info was being passed back to the server. I am not concerned with my posts being sniffed as much as just the login credentials. I was thinking of the Hotmail model where you can choose to use enhanced security to login and you are then presented with an ssl login page. After logging in the rest of the session is in the clear. This is probably a bad idea for email (and why I use Gmail mostly), but would work for a forum. It isn't a big deal for me because I use a unique password for this site for this very reason. I was just throwing it out there as a suggestion.
 
It wasn't a bad idea at all and it appears that others have tried it with VB, not even load balanced, and have had issues. The devil is in the details!
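The trade-off discussed in this thread (SSL for the login only, with the session cookie then carrying the authentication) can be checked mechanically. The following is an added example, not part of any post and not vBulletin code; the host `forum.example`, the cookie name `forum_session` and the URLs are constructed, and only the cookie `Secure` attribute is modelled.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def cookies_sent(set_cookie_headers, url):
    """Names of cookies a browser would attach to a request for `url`.
    Only the Secure attribute is modelled; domain/path matching is omitted."""
    is_https = urlsplit(url).scheme == "https"
    sent = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # A Secure cookie is withheld from plain-http requests.
            if is_https or not morsel["secure"]:
                sent.append(name)
    return sent

def audit(set_cookie_headers, browse_urls, session_cookie):
    """Classify each post-login request:
    'protected'  - session cookie travels inside TLS
    'exposed'    - session cookie travels in cleartext (sniffable)
    'logged-out' - cookie withheld, so the server sees no session"""
    result = {}
    for url in browse_urls:
        has_cookie = session_cookie in cookies_sent(set_cookie_headers, url)
        if not has_cookie:
            result[url] = "logged-out"
        elif urlsplit(url).scheme == "https":
            result[url] = "protected"
        else:
            result[url] = "exposed"
    return result

# Constructed Set-Cookie headers as returned by an https login page.
LOGIN_WITHOUT_SECURE = ["forum_session=constructed-token; Path=/; HttpOnly"]
LOGIN_WITH_SECURE = ["forum_session=constructed-token; Path=/; HttpOnly; Secure"]
# Constructed requests made after login: one over http, one over https.
BROWSE = ["http://forum.example/thread", "https://forum.example/settings"]

if __name__ == "__main__":
    for label, headers in (("no Secure flag", LOGIN_WITHOUT_SECURE),
                           ("Secure flag", LOGIN_WITH_SECURE)):
        print(label, audit(headers, BROWSE, "forum_session"))
```

Without the `Secure` flag the password is protected but the session cookie is still sent in cleartext on every http page; with it, http pages see no session at all, which is why a mixed http/https deployment tends to force an all-or-nothing choice.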
 