1. Minecraft Middle Earth is a Minecraft community that recreates the world described by JRR Tolkien and his writings. Everyone can participate in organized events in which we collaborate to create major landmarks, terrain, caves, castles, towns, farms and more.

    To get started, visit The New Player Guide
    Dismiss Notice

Upcoming encryption for the website

Discussion in 'Development Blogs' started by q220, Jul 29, 2016.

  1. q220

    q220 Eru Iluvatar
    Staff Member

    Joined:
    Mar 1, 2014
    Messages:
    988
    Likes Received:
    1,824
    www.mcmiddleearth.com will soon have all of its connections encrypted with https://
    You don't have to do anything as a user, but this blog post is to elaborate a bit more of what this actually means, and what the consequences will be.

    Google regularly makes changes to its algorithm to change how websites rank on their search engine. As of now, websites that offer a mobile compliant version get their results higher in the ranking. A few months ago they announced that they would favor websites that only serve https as well. Ofcourse https has way more benefits than just a mere search engine ranking boost, it also protects every data you send to us, essentially eliminating a middle man of snooping or intercepting your data. This might not be especially useful to messages concerning Minecraft, though it is important when there's privacy sensitive information being handled, such as financial or personal information (or if what you write is considered classified).

    https-browsers.png

    Most modern devices and browsers all support https, so this change won't leave anyone outside of the community. You will notice that the connection is secure and encrypted to the website with the https:// prefix and green adress bar. Users who rely on Minecraft Middle Earth uri's will simply be redirected to the https:// equivalent, so bookmarks don't have to be changed.

    Why the change

    https is being more and more important, and even enforced by other companies. For example, Paypal is forcing its communication through https only soon. In order to have continue the donation system to work automatically, I have to support https for the 'paypal answers back' signal to update the amounts and progress on the meter. Security-Related Changes Required to Avoid Service Disruption | PayPal & Braintree | Developer - Blog

    I also explained how this will positively affect our google ranking, and how it secures your communication and data transmission even more.

    External sources

    However, https doesn't like 'mixed content', which means that if you load the website, it asks for all the files required to show you the website, server on the domain mcmiddleearth.com

    If it encounters content from a 'insecure' source, such as external image linking, it will warn you about this and show the website as 'not secure', just because there's something external being shown on your page.

    650x367xchrome-mixed-content-https-problem.png

    Solution

    This problem can be overcome by using a link and image proxy, which is built-in Xenforo. Imagine that you post something from imgur or min.us
    Instead of referring to the external site, our website will download and host the image locally, avoiding the mixed-content problem alltogether. However this is also prone to a problem. Images which are stored this way on the server, will only be saved if there's enough requests. It basically prunes images that aren't used to save space. This could prove troublesome for resources and guides, so in that case it would be better to host your images through our Media Manager or as in-line attachment.
     
  2. _Drayz_

    _Drayz_ Yellow flower puncher

    Joined:
    Dec 19, 2015
    Messages:
    133
    Likes Received:
    92
    Does that mean current links from imgur, say for artist applications will need to be changed and images put on the MCME media?
     
  3. q220

    q220 Eru Iluvatar
    Staff Member

    Joined:
    Mar 1, 2014
    Messages:
    988
    Likes Received:
    1,824
    They should remain working as long as they are being requested
     
    _Drayz_ and Darki like this.
  4. Dallen

    Dallen Developer
    Developer

    Joined:
    Apr 5, 2014
    Messages:
    589
    Likes Received:
    761
    How? Will xenforo update all the links in the database to be proxied? Is there extra js that redirects the links? This is the biggest problem I see with making the switch. I agree that it is vital to do but we should be sure that it wont screw up all the images on the site when we do it.
     
  5. q220

    q220 Eru Iluvatar
    Staff Member

    Joined:
    Mar 1, 2014
    Messages:
    988
    Likes Received:
    1,824
    If images were to be hosted on sites like imgur, you end up being screwed either way. There is no control whatsoever for how long the image is going to be there, but I know they remove low traffic images after a while, it happened to our older documentation.

    Essentially when a user makes a request for an image, Xenforo will download the image from that destination, host it locally in a sort of 'cache' and serve it from there. The size of the cache is, technically, limited to the amount of hard drive space I can allocate to it. If you are interested more in to how it works you can watch this video starting from 3:00 XF 1.3 - EXIF Rotation, ACP Searching, Proxying and Change Logging
     
  6. Dallen

    Dallen Developer
    Developer

    Joined:
    Apr 5, 2014
    Messages:
    589
    Likes Received:
    761
    wow, so you are actually correct but that seem ridiculously inefficient to me. The server is parsing all the links and images and then going to get them and cache them. Why not just get them and cache them as people post/edit... That's what nodeBB does to secure its proxies.
     
  7. kisos

    kisos Yellow flower puncher

    Joined:
    Mar 2, 2014
    Messages:
    436
    Likes Received:
    917
    back at it again dev master dallen
     
  8. aeroblitz

    aeroblitz Aspiring Commoner

    Joined:
    Mar 1, 2014
    Messages:
    24
    Likes Received:
    66
  9. meggawatts

    meggawatts Aspiring Commoner

    Joined:
    Mar 1, 2014
    Messages:
    53
    Likes Received:
    126
    chrome_2016-10-21_18-27-29.png
    lol.
     

    Attached Files:

    Dallen likes this.
  10. Dallen

    Dallen Developer
    Developer

    Joined:
    Apr 5, 2014
    Messages:
    589
    Likes Received:
    761
  11. q220

    q220 Eru Iluvatar
    Staff Member

    Joined:
    Mar 1, 2014
    Messages:
    988
    Likes Received:
    1,824
    The real question here is why would you even personally care about this.?

    I don't see what's so funny about this?

    Not really as it literally takes like 10 minutes to do so at max.
     
  12. Dallen

    Dallen Developer
    Developer

    Joined:
    Apr 5, 2014
    Messages:
    589
    Likes Received:
    761
    TFW q has no idea what /s means
     
    RubenPieterMark and Atlantispy like this.
  13. q220

    q220 Eru Iluvatar
    Staff Member

    Joined:
    Mar 1, 2014
    Messages:
    988
    Likes Received:
    1,824
    You should know sarcasm is a vocal technique, and does not work with written communication.
     
  14. techdude

    techdude Aspiring Commoner

    Joined:
    Mar 2, 2014
    Messages:
    13
    Likes Received:
    25
    But... Like... That's why people say /s...
     
  15. TheSpeedy_

    TheSpeedy_ Dirt Conaisseur

    Joined:
    Mar 17, 2014
    Messages:
    575
    Likes Received:
    1,443
    I also say %#@& but it doesn't have the same effectiveness as encryption. Or /s
     
  16. meggawatts

    meggawatts Aspiring Commoner

    Joined:
    Mar 1, 2014
    Messages:
    53
    Likes Received:
    126
    Because you still haven't done what you said you'd do. Like always.

    88 days is quite a bit longer than 10 minutes.

    hmu when you're ready to throw in the towel
     
  17. Tyranystrasz

    Tyranystrasz Designer
    Staff Member Designer

    Joined:
    Mar 1, 2014
    Messages:
    826
    Likes Received:
    1,668
    *grabs popcorns*
     
  18. q220

    q220 Eru Iluvatar
    Staff Member

    Joined:
    Mar 1, 2014
    Messages:
    988
    Likes Received:
    1,824
    I think you still hold a major grudge against me. I've done plenty of other things which I said and have done, but it doesn't seem to fit the perspective you are looking from. This kind of behaviour, this 'searching for a point to start any argument, be it wrong or right' isn't going to help or change anything. In fact I can only see it as a kind of bullying or flaming behaviour against my persona.
     
    Commandotrigger, Darki, otho and 11 others like this.
  19. JordD04

    JordD04 One of Us
    Donor

    Joined:
    Mar 1, 2014
    Messages:
    1,003
    Likes Received:
    3,621
    I've gotta say I'm with q on this one, /s is stupid.
     
  20. swcd

    swcd Aspiring Commoner

    Joined:
    Dec 17, 2014
    Messages:
    4
    Likes Received:
    5
    *Used sarcasm in post*

    *Gets banned*

    Ok q, im sorry I was bullying you.
     
    Atlantispy and Indorilian like this.