Welcome to ECCIE, become a part of the fastest growing adult community. Take a minute & sign up!

Welcome to ECCIE - Sign up today!

Become a part of one of the fastest growing adult communities online. We have something for you, whether you’re a male member seeking out new friends or a new lady on the scene looking to take advantage of our many opportunities to network, make new friends, or connect with people. Join today & take part in lively discussions, take advantage of all the great features that attract hundreds of new daily members!

Go Premium

Go Back   ECCIE Worldwide > General Interest > Member Suggestions and Forum Requests
test
Member Suggestions and Forum Requests This site is being designed around our membership. Please share your feedback and give suggestions. Use this section to request new forums or changes/updates as well. (For staff assistance, contact your local moderator, or see the "Emails to the Staff" post in the Questions for the Staff forum in each city)

Most Favorited Images
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
Most Liked Images
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
Top Reviewers
cockalatte 649
MoneyManMatt 490
Jon Bon 400
Still Looking 399
samcruz 399
Harley Diablo 377
honest_abe 362
DFW_Ladies_Man 313
Chung Tran 288
lupegarland 287
nicemusic 285
Starscream66 282
You&Me 281
George Spelvin 270
sharkman29 256
Top Posters
DallasRain70827
biomed163721
Yssup Rider61291
gman4453366
LexusLover51038
offshoredrilling48830
WTF48267
pyramider46370
bambino43221
The_Waco_Kid37425
CryptKicker37231
Mokoa36497
Chung Tran36100
Still Looking35944
Mojojo33117

Reply
 
Thread Tools
Old 01-10-2010, 07:09 PM   #1
GneissGuy
Thank God it's Firday!
 
GneissGuy's Avatar
 
Join Date: Dec 12, 2009
Location: Austin, TX
Posts: 2,698
Encounters: 12
Default SSL/https connection

I'd like to suggest that eccie be set up to optionally allow connections via SSL/https:

The advantage of this is that it makes it much more difficult for someone to snoop on your web browsing.

If you properly use a properly configured SSL/https web site, it helps keep people from snooping on your browsing. They can see that you're visiting https://www.eccie.net/threadid=1324, but they can't see what you're typing, what your password is, or your userid. They also can't impersonate the web site by, for instance by putting up an identical looking web site that asks for your password. (If the user is careful and looks for the web site ID and lock symbol.)

This will make it much more difficult for your ISP to snoop on you. There are also a lot of people who set up IP snooping for commercial criminal purposes. For instance, it's common for someone to set up a rogue wireless access point at a hotel or near a legitimate free wireless point at a restaurant. They can then see passwords, account numbers, and set up web sites that impersonate other web sites. This is a lot harder if you're going to an https web site. They're usually out to steal credi card numbers, bank account numbers and passwords, etc. but they might abuse an eccie account number too. It could also be used by a stalker who knows a lady is at a particular hotel.

It does require setting up the web server that way. The web site needs to have the links set up correctly. (For instance, the links need to specify www.eccie.net, not http://www.eccie.net.)

ASPD had this. It had a few problems, but it mostly worked.
GneissGuy is offline   Quote
Old 01-10-2010, 10:38 PM   #2
ztonk
Moderator
 
ztonk's Avatar
 
Join Date: Dec 17, 2009
Location: Earth
Posts: 18,583
Encounters: 21
Default

I heartily second this one!

There would be the cost of getting a certificate from a recognized certificate authority (CA) and it would be a bit more taxing on the web server, but I think it would be well worth it!
ztonk is offline   Quote
Old 01-10-2010, 10:49 PM   #3
LazurusLong
Valued Poster
 
LazurusLong's Avatar
 
Join Date: Apr 1, 2009
Location: Coventry
Posts: 5,947
Encounters: 47
Default

Not sure how well that worked for ASPD since it did nothing to protect the site from hackers and no one is entering any account numbers or credit card information on a review board.

I wonder how many attempts to capture a user name and password to an escort review board for "commercial criminal purposes" might have happened?

How much more server use would this incur? Give the dramatic increase in bandwidth and server churn with the tremendous growth since ASPD went dark, what actual quantifiable benefits to the site would there be?
LazurusLong is offline   Quote
Old 01-11-2010, 01:45 AM   #4
GneissGuy
Thank God it's Firday!
 
GneissGuy's Avatar
 
Join Date: Dec 12, 2009
Location: Austin, TX
Posts: 2,698
Encounters: 12
Default

Quote:
Originally Posted by LazurusLong View Post
Not sure how well that worked for ASPD since it did nothing to protect the site from hackers and no one is entering any account numbers or credit card information on a review board.

I wonder how many attempts to capture a user name and password to an escort review board for "commercial criminal purposes" might have happened?

How much more server use would this incur? Give the dramatic increase in bandwidth and server churn with the tremendous growth since ASPD went dark, what actual quantifiable benefits to the site would there be?
SSL/https only protects against eavesdropping. It gives you no protection at all against the vast majority of ways of hacking a web site. It protects the end user, not the web site that much.

However, if you don't use SSL/https, any internet provider in the path between the admin's internet connection and the web host can steal the admin's passwords any time he logs in and then log in as an admin. This would include the guy running the free wireless in the coffee shop, bar, hotel, etc. or someone with a rogue access point at any such place.
GneissGuy is offline   Quote
Old 01-12-2010, 10:44 AM   #5
laserface
Premium Access
 
laserface's Avatar
 
Join Date: Dec 30, 2009
Location: Pittsburgh, PA
Posts: 1,675
Encounters: 36
Default

GoDaddy's "Standard SSL" certificate is cheap (normal price $49.95/year, currently running a special for $29.95 for the first year for new customers, multi-year certificates available at discounted rates), and doesn't require any validation or documentation other than having an e-mail sent to (and appropriately responded to by) the contact address in the domain's WHOIS information.
laserface is offline   Quote
Old 11-15-2015, 08:35 AM   #6
ravishme
Registered Member
 
ravishme's Avatar
 
Join Date: Dec 24, 2013
Location: USA
Posts: 13
Encounters: 7
Default

[also posted in a related thread]

ANY site that accepts passwords SHOULD use HTTPS. Period
. Otherwise any user logging in immediately gives his/her credentials to everybody between the two ends of the connection, and many of those middlemen serve that data up on a platter to everybody who asks, and everybody who's hacked into their networks.

This also means that from the moment one logs in without HTTPS, a number of people and/or software entities can then log into one's account at will and do anything with it.

Configuring the web server's TLS (since the older SSL is basically cracked now) is interesting too, since ideally you want to provide only modern, more secure encryptions and forward secrecy (which means cracking keys doesn't crack all the past sessions' content along with them).

I think the problem is that most folks assume a site like this would at least have HTTPS, and then spill their guts all over the site in utterly readable-on-the-wire cleartest based on that faith.

HTTPS isn't uncrackable - the odds are any organization with enough cash to throw at the problem will eventually be able to crack it (hence the desire for forward secrecy), But it does change things from anybody being able to read *everything* without ANY effort, to requiring (usually) an expensive operation to capture any text at all. Assuming the web servers TLS (used by HTTPS) is correctly set up, etc.

Refs:
http://httpd.apache.org/docs/2.4/ssl/ssl_howto.html
https://www.ssllabs.com/ssltest/

I'm not offering to do it (sorry), but I do want to emphasize the someone really, really needs to.
ravishme is offline   Quote
Old 11-15-2015, 07:35 PM   #7
squashhead
Valued Poster
 
Join Date: Jan 19, 2014
Location: South
Posts: 181
Encounters: 16
Default

I am also in favor of https. But unfortunately not very many users take the time to chime in on their support of it.
squashhead is offline   Quote
Reply

Thread Tools


AMPReviews.net
Find Ladies
Hot Women

Powered by vBulletin®
Copyright © 2009 - 2016, ECCIE Worldwide, All Rights Reserved