HP Forums

Full Version: Unsecure connection
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Since the main page and the login page is not HTTPS, security alert writing username and password is always shown.

If possible to specify these pages URL with https, that would probably be enough to fix security alerts.

Thank you.
not really. For https one needs a SSL certificate that cost $$$, or one needs to play with Let's encrypt. That costs time.

If one messes up with SSL, you get a red warning, that is even worse.

I think the forum is "uninteresting" enough that http connection is enough compared to the effort to care about the https connection.
While it's true that there's no technical reason that secure connections are needed, there is a definite effort underway to change the public's perception of the need for all http traffic to be handled in secure fashion.

Web browsers are being modified over time to make standard http connections more obvious (and scary looking) compared to https. Perhaps the biggest driver behind content provider's implementation of secure websites, though, is SEO/ranking. Google announced as early as 2014 that they were beginning to increase search rank "slightly" for secure sites, along with the intent to increase the advantage over time.

Let's Encrypt is free, but requires server-side support that may not be easy to implement for some hosting environments. If you can't go that route, a standard "PositiveSSL" certificate can be purchased at a low cost ($3.88/year at present from SSLs.com).

IMHO, it's not a matter of "if", but "when". We aren't yet at a point where this is a necessity, but that time is coming.
An alternative to Let's Encrypt is Cloudflare. It sounds easy and transparent but I haven't tried it.
Reference URL's