whispercricket (whispercricket) wrote in suggestions,

Option to use site over SSL

Option to use site over SSL

Short, concise description of the idea
Allow users to login and use site over SSL, so that information read / posted is encrypted.

Full description of the idea
Although it is possible to make journal entries protected or private, that information still is sent and fetched from the LiveJournal servers. That means that the possibly sensitive writings can be caught along the way, whether by caching proxies or sniffers or some other sort of device. I'd feel much more comfortable if the information at least was encrypted using SSL. Since SSL can cause performance issues, I'd suggest allowing users the choice whether or not to use SSL, so that users who care about their data being encrypted can use SSL but others don't have to.

An ordered list of benefits

  • Truer privacy / security - less of a chance that someone else somewhere in the world can read your private information.
  • Some possible users may be turned off by the fact that they have to have an online journal that is not encrypted, so it's possible that more subscriptions could occur. Perhaps make this a paid account only option (if there's a monetary overhead to implementing it).
  • An ordered list of problems/issues involved

  • Technical difficulty of implementing SSL (depends on servers being used).
  • Price of server certificate.
  • Could have performance implications, as encryption does add overhead.
  • Could add to server load, as servers probably would be serving SSL and non-SSL connections instead of just non-SSL (although the same amount of traffic would be going through the servers).
  • An organized list, or a few short paragraphs detailing suggestions for implementation

  • Implementing SSL is pretty straightforward, depending on what sort of system is being used (there are even free options, such as openSSL for Apache). After setting up a secure server, you should be able to have both the http and https servers point at the same docroot, so the content wouldn't need to be replicated.
  • There would need to be a small code change so that an option box is added allowing users to login via SSL if they choose and if selected, routing the users to the secure server.
  • Tags: security, § historical
    • Post a new comment


      Anonymous comments are disabled in this journal

      default userpic

      Your reply will be screened

      Your IP address will be recorded