Upcoming encryption for the website


q220

Eru Iluvatar
Staff member
Donor
Mar 1, 2014
1,152
2,035
99
30
Belgium
www.nickyvermeersch.me
Languages
Dutch (native), English, French.
#1
www.mcmiddleearth.com will soon have all of its connections encrypted with https://.
You don't have to do anything as a user, but this blog post is to elaborate a bit more on what this actually means, and what the consequences will be.

Google regularly makes changes to its algorithm to change how websites rank on their search engine. As of now, websites that offer a mobile compliant version get their results higher in the ranking. A few months ago they announced that they would favor websites that only serve https as well. Of course, https has way more benefits than just a mere search engine ranking boost: it also protects all the data you send to us, essentially eliminating a middle man snooping on or intercepting your data. This might not be especially useful for messages concerning Minecraft, though it is important when there's privacy sensitive information being handled, such as financial or personal information (or if what you write is considered classified).


Most modern devices and browsers support https, so this change won't leave anyone outside of the community. You will notice that the connection to the website is secure and encrypted by the https:// prefix and green address bar. Users who rely on Minecraft Middle Earth URIs will simply be redirected to the https:// equivalent, so bookmarks don't have to be changed.

Why the change

https is becoming more and more important, and is even enforced by other companies. For example, Paypal will soon force its communication through https only. In order to have the donation system continue to work automatically, I have to support https for the 'paypal answers back' signal to update the amounts and progress on the meter. (Security-Related Changes Required to Avoid Service Disruption | PayPal & Braintree | Developer - Blog)

I also explained how this will positively affect our Google ranking, and how it secures your communication and data transmission even more.

External sources

However, https doesn't like 'mixed content', which means that if you load the website, it asks for all the files required to show you the website, served on the domain mcmiddleearth.com.

If it encounters content from an 'insecure' source, such as external image linking, it will warn you about this and show the website as 'not secure', just because there's something external being shown on your page.


Solution

This problem can be overcome by using a link and image proxy, which is built into Xenforo. Imagine that you post something from imgur or min.us: instead of referring to the external site, our website will download and host the image locally, avoiding the mixed-content problem altogether. However, this is also prone to a problem. Images which are stored this way on the server will only be saved if there are enough requests. It basically prunes images that aren't used to save space. This could prove troublesome for resources and guides, so in that case it would be better to host your images through our Media Manager or as an in-line attachment.
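
The mixed-content check and the proxy rewrite described in this post, as an added example (not part of the original post and not XenForo's own code). It goes one step beyond the post by signing each proxied URL with an HMAC so the proxy only fetches URLs the site itself generated; the `proxy.php?image=…&hash=…` URL shape, the secret and the sample post are assumptions constructed for illustration.

```python
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import quote, urlsplit

# Constructed values for this example; not the forum's real configuration.
SITE_HOST = "www.mcmiddleearth.com"
PROXY_SECRET = b"example-secret-change-me"
# (tag, attribute) pairs that load a subresource. On an https:// page an
# http:// load is "passive" (display content, triggers the warning) or
# "active" (can script the page, blocked by browsers).
SUBRESOURCES = {
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("script", "src"): "active",
    ("iframe", "src"): "active",
}
# Constructed post body: one insecure image, one local image, one plain
# link (navigation, not mixed content) and one insecure script.
SAMPLE_POST = """
<p>Artist application: <img src="http://i.imgur.com/example1.png"></p>
<img src="https://www.mcmiddleearth.com/media/example2.png">
<a href="http://example.org/guide">guide</a>
<script src="http://cdn.example.net/widget.js"></script>
"""

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url, kind)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            kind = SUBRESOURCES.get((tag, name))
            if kind and value and urlsplit(value.strip()).scheme.lower() == "http":
                self.findings.append((tag, value.strip(), kind))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

def _sign(url):
    return hmac.new(PROXY_SECRET, url.encode(), hashlib.sha256).hexdigest()

def proxied_image_url(url):
    """Same-origin https URL that serves the external image via the proxy."""
    return f"https://{SITE_HOST}/proxy.php?image={quote(url, safe='')}&hash={_sign(url)}"

def verify_proxy_request(url, tag):
    """Proxy side: refuse any URL whose hash was not issued by the site."""
    return hmac.compare_digest(_sign(url), tag)
```

Running `find_mixed_content` over stored post bodies before the switch shows which posts would trip the browser warning and which of those are images that the proxy can cover.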
 

_Drayz_

Hardcore MCME-er
Dec 19, 2015
133
92
30
16
Languages
English
#2
Does that mean current links from imgur, say for artist applications, will need to be changed and images put on the MCME media?
 

Dallen

Developer
Apr 5, 2014
617
756
25
Dallen's tavern, Bree
dallen.io
Languages
American, Freedom
#4
They should remain working as long as they are being requested
How? Will xenforo update all the links in the database to be proxied? Is there extra js that redirects the links? This is the biggest problem I see with making the switch. I agree that it is vital to do but we should be sure that it won't screw up all the images on the site when we do it.
 

q220

#5
If images were to be hosted on sites like imgur, you end up being screwed either way. There is no control whatsoever for how long the image is going to be there, but I know they remove low traffic images after a while; it happened to our older documentation.

Essentially when a user makes a request for an image, Xenforo will download the image from that destination, host it locally in a sort of 'cache' and serve it from there. The size of the cache is, technically, limited to the amount of hard drive space I can allocate to it. If you are more interested in how it works, you can watch this video starting from 3:00: XF 1.3 - EXIF Rotation, ACP Searching, Proxying and Change Logging
 

Dallen

#6
Wow, so you are actually correct, but that seems ridiculously inefficient to me. The server is parsing all the links and images and then going to get them and cache them. Why not just get them and cache them as people post/edit... That's what nodeBB does to secure its proxies.
 

Kisos

Hardcore MCME-er
Mar 2, 2014
437
879
25
KA
Languages
Meme
#7
back at it again dev master dallen
 

q220

#11

meggawatts

Manual Treebuilder
Mar 1, 2014
53
108
12
Chicago
fortkickass.co
#16
I don't see what's so funny about this?
Because you still haven't done what you said you'd do. Like always.

Not really as it literally takes like 10 minutes to do so at max.
88 days is quite a bit longer than 10 minutes.

hmu when you're ready to throw in the towel
 

Tyranystrasz

Designer
Staff member
Designer
Mar 1, 2014
833
1,681
33
22
Italy
Languages
Italian English Norwegian(basic)
#17
Because you still haven't done what you said you'd do. Like always.


88 days is quite a bit longer than 10 minutes.

hmu when you're ready to throw in the towel
*grabs popcorns*
 

q220

Eru Iluvatar
Staff member
Donor
Mar 1, 2014
1,152
2,035
99
30
Belgium
www.nickyvermeersch.me
Languages
Dutch (native), English, French.
#18
Because you still haven't done what you said you'd do. Like always.
I think you still hold a major grudge against me. I've done plenty of other things which I said and have done, but it doesn't seem to fit the perspective you are looking from. This kind of behaviour, this 'searching for a point to start any argument, be it wrong or right' isn't going to help or change anything. In fact I can only see it as a kind of bullying or flaming behaviour against my persona.