Post Reply 
Unsecure connection
04-25-2018, 09:26 AM
Post: #1
Unsecure connection
Since the main page and the login page is not HTTPS, security alert writing username and password is always shown.

If possible to specify these pages URL with https, that would probably be enough to fix security alerts.

Thank you.
Find all posts by this user
Quote this message in a reply
04-25-2018, 11:04 AM
Post: #2
RE: Unsecure connection
not really. For https one needs a SSL certificate that cost $$$, or one needs to play with Let's encrypt. That costs time.

If one messes up with SSL, you get a red warning, that is even worse.

I think the forum is "uninteresting" enough that http connection is enough compared to the effort to care about the https connection.

Wikis are great, Contribute :)
Find all posts by this user
Quote this message in a reply
04-25-2018, 04:19 PM
Post: #3
RE: Unsecure connection
While it's true that there's no technical reason that secure connections are needed, there is a definite effort underway to change the public's perception of the need for all http traffic to be handled in secure fashion.

Web browsers are being modified over time to make standard http connections more obvious (and scary looking) compared to https. Perhaps the biggest driver behind content provider's implementation of secure websites, though, is SEO/ranking. Google announced as early as 2014 that they were beginning to increase search rank "slightly" for secure sites, along with the intent to increase the advantage over time.

Let's Encrypt is free, but requires server-side support that may not be easy to implement for some hosting environments. If you can't go that route, a standard "PositiveSSL" certificate can be purchased at a low cost ($3.88/year at present from SSLs.com).

IMHO, it's not a matter of "if", but "when". We aren't yet at a point where this is a necessity, but that time is coming.
Find all posts by this user
Quote this message in a reply
04-26-2018, 08:02 AM
Post: #4
RE: Unsecure connection
An alternative to Let's Encrypt is Cloudflare. It sounds easy and transparent but I haven't tried it.
Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 1 Guest(s)