If anyone wants more info on the Board upgrades we did the other night...

  • Thread starter Thread starter WebmasterAlex
  • Start date Start date
Well there is a request I have never heard before! I can see the merit in the idea but I'll have to look into what would really be involved. It's a little more complicated because of the load balancer etc but we do it on the static site

I guess I should update the tech blog a bit more often :)
Click to expand...

Hey, I'm always curious about these things...I run systems like these myself (load balancing, replication, etc.)

Load balancing SSL is a big pain, especially with authenticated sessions. If it was only done for the authentication itself it may not be an issue, depending on what information is stored in the cookies.

But, since the cookies bear the authentication info after the initial password exchange, if you don't use SSL from login forward then your account is for the most part just as susceptible if you aren't careful.
 
doconeill said:
Hey, I'm always curious about these things...I run systems like these myself (load balancing, replication, etc.)

Load balancing SSL is a big pain, especially with authenticated sessions. If it was only done for the authentication itself it may not be an issue, depending on what information is stored in the cookies.

But, since the cookies bear the authentication info after the initial password exchange, if you don't use SSL from login forward then your account is for the most part just as susceptible if you aren't careful.
Click to expand...

Our load balancer does "sticky sessions" so it's not insurmountable, I did a bit of reading and the bigger issue is the vbulletin software, I have seen a few statements that it either has to be all http or all https
 
WebmasterAlex said:
Our load balancer does "sticky sessions" so it's not insurmountable, I did a bit of reading and the bigger issue is the vbulletin software, I have seen a few statements that it either has to be all http or all https
Click to expand...

That's what I figured would be the limitation.
 

Great to see the work that you do Alex getting the appreciation it deserves :thumbsup2
 
WebmasterAlex said:
Our load balancer does "sticky sessions" so it's not insurmountable, I did a bit of reading and the bigger issue is the vbulletin software, I have seen a few statements that it either has to be all http or all https
Click to expand...

Huh, I never thought of the load balancing effecting the use of ssl. I have never had to deal with distributing an ssl session so you have me there.

I could see not having the login page default to ssl and forcing the manual typing of the address with the https:// manually appended. Maybe at that point the ptr record would direct to one of the sites and not the other replications. The software you use to replicate may have a way of forcing traffic to a specific site for ssl. I haven't looked into the logistics of that, it was more just thinking out loud. I imagine it would not be a highly used feature so I don't think the load balancing would be overly effected but working in I.T. for a financial institution makes me think of these things.

I also see the merits of staying https if it were a site where financial information or other high value info was being passed back to the server. I am not concerned with my posts being sniffed as much as just the login credentials. I was thinking of the hotmail model where you can choose to use enhanced security to login and you are then presented with an ssl login page. After loging in the rest of the session is in the clear. This is probably a bad idea for email (and why I use gmail mostly), but would work for a forum. It isn't a big deal for me because I use a unique password for this site for this very reason. I was just throwing it out there as a suggestion.
 
FireDancer said:
Huh, I never thought of the load balancing effecting the use of ssl. I have never had to deal with distributing an ssl session so you have me there.

I could see not having the login page default to ssl and forcing the manual typing of the address with the https:// manually appended. Maybe at that point the ptr record would direct to one of the sites and not the other replications. The software you use to replicate may have a way of forcing traffic to a specific site for ssl. I haven't looked into the logistics of that, it was more just thinking out loud. I imagine it would not be a highly used feature so I don't think the load balancing would be overly effected but working in I.T. for a financial institution makes me think of these things.

I also see the merits of staying https if it were a site where financial information or other high value info was being passed back to the server. I am not concerned with my posts being sniffed as much as just the login credentials. I was thinking of the hotmail model where you can choose to use enhanced security to login and you are then presented with an ssl login page. After loging in the rest of the session is in the clear. This is probably a bad idea for email (and why I use gmail mostly), but would work for a forum. It isn't a big deal for me because I use a unique password for this site for this very reason. I was just throwing it out there as a suggestion.
Click to expand...

It wasn't a bad idea at all and it appears that others have tried it with VB, not even load balanced and have had issues, the devil is in the details!
 
You must log in or register to reply here.

New Threads

Gabby01
Kennedy Space Center questions
Replies
0
Views
42
Gabby01
Gabby01
LoveDaisy
Virgin Cruises
Replies
2
Views
358
kdonnel
kdonnel
K
Positive/negatives of using a travel agent when booking a package at WDW?
Replies
4
Views
433
gottalovepluto
gottalovepluto
Dis_Yoda
"Your focus determines your reality" - Fall 2025 Travel Adventures
Replies
1
Views
455
Dis_Yoda
Dis_Yoda
foolish-mortal
Didn't we used to get 2 luggage tags pp?
Replies
11
Views
663
happycamper47
happycamper47
crazy4wdw
Great Irish Hooley returns to Raglan Road on 8/29
Replies
0
Views
451
crazy4wdw
crazy4wdw
C
Ground Transportation To/From WDW Resorts
Replies
3
Views
156
Tripscarcare
T
Neapolitan Ice Cream
Well well well!
Replies
0
Views
501
Neapolitan Ice Cream
Neapolitan Ice Cream
NEWS & UPDATES




New Posts








Receive up to $1,000 in Onboard Credit and a Gift Basket!
That’s right — when you book your Disney Cruise with Dreams Unlimited Travel, you’ll receive incredible shipboard credits to spend during your vacation!
CLICK HERE







New Posts

Newsies
Newsies Cruises (or, How We Braved Hurricane Erin on the Magic) - Our First DCL Adventure! - Aug '25
Replies
13
Views
2K
SaraSpringsIsHome
SaraSpringsIsHome
hhisc16
*HHI Owners and Beach Lovers Group Thread*
98 99 100
Replies
2K
Views
232K
Pens Fan
Pens Fan
D
ROFR Riviera Should Carry Restrictions
2
Replies
30
Views
3K
zavandor
Z
Joroc0801
LL/Cabins Dues Logic
2
Replies
34
Views
3K
DVCPAT
DVCPAT
disneychrista
Taylor & Travis engaged
2
Replies
24
Views
960
Marrila
Marrila
N
What’s for Dinner Tonight?
332 333 334
Replies
7K
Views
352K
Suger Mag
Suger Mag
LavaMama
Do I have all of my Resale Purchase Paperwork?
Replies
2
Views
1K
Pens Fan
Pens Fan
pinkxray
Thanksgiving week itinerary
Replies
7
Views
1K
pinkxray
pinkxray
MKCP1984
**116 SSR June U.Y. Points for Rent ONLY@ $18.50pp
Replies
7
Views
611
MKCP1984
MKCP1984
L
Experience with financial planners/advisors?
Replies
7
Views
2K
lorimt
L
View more…




DIS Facebook DIS youtube DIS Instagram DIS Pinterest DIS Tiktok DIS Twitter DIS Bluesky

Back
Top