SSL

[DRE]

The true image URL is encrypted so people can't simply utilize the proxy mechanism for their own stuff and leech your resources/bandwidth or use your servers for a DDoS attack proxy.

That's pretty awesome how do I sign up?

 

[digitalpoint]

That's pretty awesome how do I sign up?

Going to run it on my site for a bit to see what sort of stuff comes up... Already saw my Server Error Logs going crazy right when it went live... since it logs things like DNS resolution errors or network not reachable errors when the system tries to get the image. Suppressed though real quick. lol

 

[DRE]

Aww snap. Looks real promising though. So with something like that script, no need for htaccess hotlinking apache rewrites?

 

[digitalpoint]

Aww snap. Looks real promising though. So with something like that script, no need for htaccess hotlinking apache rewrites?

Currently it won't prevent hotlinking if the generated image URL is known.. just prevents someone from using your proxy script to build their own images.

Although I thought about adding hotlink protection as an option for it, just didn't do it yet... not sure it's really worth it since people that want it are probably already doing it at the web server level and gives them more control than I'd be willing to build for it (like allowing certain third party sites to hotlink).

 

[Mike Edge]

Can do this already using meta mirror addon.

 

[digitalpoint]

Can do this already using meta mirror addon.

Indeed... personally I didn't want to do it that way because I didn't want an extra million or so attachments in my database.

 

[Mike Edge]

Indeed... personally I didn't want to do it that way because I didn't want an extra million or so attachments in my database.

Yeah agree for sure with a site your size. Someone's site like Dre though, it might be a solution to consider. I do like the random generator you put into it. I will for sure purchase premium on your site again when released to get it

 

[digitalpoint]

Also, besides just storage requirements, there are some upsides to not doing it in attachments... Using attachments requires database queries for every image displayed since they are permissions based. My proxy system shuts down everything requiring queries (for example user sessions are not even initialized). So displaying an image requires zero queries.

Notice the underlying HTTP request doesn't even try to set a session cookie (no cookies being set at all):

https://tools.digitalpoint.com/head...naX5JwaVgGu48O5BBX8QDEFuY9B5407kQ%3D%3D/image

Now compare this to an image stored as an attachment:

https://tools.digitalpoint.com/head...s.digitalpoint.com/attachments/pl-png.130358/

It requires queries to check permissions, and the attachment system also forces a cache-control max age of 0... meaning every time you view the image it's going to redownload it entirely (probably needs to be that way for accurate attachment view/download counters).

On the other hand, I'm using a cache-control header of 1 year... meaning if the user has seen the image in the last year and they haven't flushed their cache, the browser isn't even going to bother checking if the image changed (faster page loads and less HTTP requests).

 

[rdn]

That's another great addon/feature @digitalpoint

 

[thedude]

We wrote a very similar system with some ideas borrowed from camo. HMAC digest in the proxy URL to prevent DOS by proxy. We hook the bbcode parser and when it parses img tags we calculate what the new proxied image src will be and save it cached with the bbcode itself in the db so we only have to calc everything on creation.

We hook the bbcode renderer and do a fast and cheap replace on the src with the url we calculated earlier.

 

[The Dark Wizard]

@digitalpoint, so this addon will make it so images don't break the SSL icon and warn users about insecure content?

 

[rdn]

@digitalpoint, so this addon will make it so images don't break the SSL icon and warn users about insecure content?

Yes.

 

[DRE]

Looks like the $5 SSL by Go Daddy is no longer on sale. Started looking for some other SSLs.

Looks like @Marcus is having issues with his free Class 1 SSL by StartSSL.

Saw a Class 2 review by @digitalpoint though.

Also, for those wanting to get a SSL certificate, StartSSL is pretty reasonable...

$59.90 to get class 2 identity verified, and $59.90 to get a class 2 organization verified... at which point they will issue you a sub-domain wildcard+multi-domain certificate good for 2 years.

https://www.startssl.com/?app=40

For example, our single SSL cert works for *digitalpoint.com, *dpstatic.com and *digitalpointads.com (but you can have even more domains than that too).

To give an example, normally just a sub-domain wildcard certificate for a SINGLE domain runs over $1,000 for 2 years...

http://www.thawte.com/ssl/index.html

How did you find out about this StartSSL company? Is it a reputable firm with a long history?
How much and which type of product did you purchase for all of your site?

I did the personal verification for $59.90, and then the organization verification for another $59.90 (you need the personal in order to do the verification). So the grand total cost was $119.80 for a 2 year SSL certificate that works on all sub-domains as well as multiple primary domains.

https://www.startssl.com/?app=40

I didn't research them, but their root certificate is accepted by every browser used, which is all I really cared about.

 

[Deebs]

Looks like the $5 SSL by Go Daddy is no longer on sale. Started looking for some other SSLs.

Looks like @Marcus is having issues with his free Class 1 SSL by StartSSL.

Saw a Class 2 review by @digitalpoint though.

My forums are using a StartSSL certificate without any issues.

 

[DRE]

My forums are using a StartSSL certificate without any issues.

What class?

 

[Deebs]

Class 2. Personally identified using my passport along with a phonecall etc.

 

[DRE]

I don't even think I have a passport lol pass on that.

 

[Deebs]

I don't even think I have a passport lol pass on that.

American?

 

[DRE]

Yeah.

 

[Deebs]

Yeah.

That explains the passport.