+- HP Forums (https://www.hpmuseum.org/forum)
+-- Forum: Not HP Calculators (/forum-7.html)
+--- Forum: Forum Issues and Administration (/forum-19.html)
+--- Thread: Unsecure connection (/thread-10571.html)
Unsecure connection - sasa - 04-25-2018 09:26 AM
Since the main page and the login page is not HTTPS, security alert writing username and password is always shown.
If possible to specify these pages URL with https, that would probably be enough to fix security alerts.
Thank you.
RE: Unsecure connection - pier4r - 04-25-2018 11:04 AM
not really. For https one needs a SSL certificate that cost $$$, or one needs to play with Let's encrypt. That costs time.
If one messes up with SSL, you get a red warning, that is even worse.
I think the forum is "uninteresting" enough that http connection is enough compared to the effort to care about the https connection.
RE: Unsecure connection - DavidM - 04-25-2018 04:19 PM
While it's true that there's no technical reason that secure connections are needed, there is a definite effort underway to change the public's perception of the need for all http traffic to be handled in secure fashion.
Web browsers are being modified over time to make standard http connections more obvious (and scary looking) compared to https. Perhaps the biggest driver behind content provider's implementation of secure websites, though, is SEO/ranking. Google announced as early as 2014 that they were beginning to increase search rank "slightly" for secure sites, along with the intent to increase the advantage over time.
Let's Encrypt is free, but requires server-side support that may not be easy to implement for some hosting environments. If you can't go that route, a standard "PositiveSSL" certificate can be purchased at a low cost ($3.88/year at present from SSLs.com).
IMHO, it's not a matter of "if", but "when". We aren't yet at a point where this is a necessity, but that time is coming.
RE: Unsecure connection - EdS2 - 04-26-2018 08:02 AM
An alternative to Let's Encrypt is Cloudflare. It sounds easy and transparent but I haven't tried it.