Pages: (6) « First ... 4 5 6  ( Go to first unread post ) Add ReplyNew TopicNew Poll

 HTTPS Encrypted Browsing
#
QUOTE (GMaster479 @ Mar 2 2018, 09:18 PM)
Any idea when we will be able to make domains used in the Domain Control Center usable for HTTPS or is there any way to do so right now?

I wish I had more information but there were some setbacks with this. It's complicated to implement and the ACME client has changed now. I'm looking at the new ACME v2 application by letsencrypt so the process of cert creation and management is different there compared to last year.v Have to redo some work/research that I already did prior. For now, if you have a domain name I recommend doing everything else possible to ensure that it's ready for HTTPS with respect to images, css, and javascript. We'll try to get domains out late this year - but I have no real ETA, sorry.

signature
email: admin@jcink.com :: blog: John C.
#
With the HTTPS encryption update in the future, will the website portion of the profiles automatically change to the https link? For example, if I click the "WWW" button on your profile, JCInk, it says "john.cuppi.net", will that automatically update to the https link? I am manually going through and updating all of our members websites portion to say https instead of http, but I am not sure if I am doing unnecessary work .

signature
#
Links to external sites do not give you a "not secure" penalty in the browser.

In the future. when virtually everyone is on https. we may just replace all of those links for convenience, but until then that isn't really feasible.

I would say that it is not necessary to replace member website links. It's the embedded content that is important to change within things such as your css and wrappers.

For example you have a link to postimg in your navigation bar to an image that is being served over http. It's telling me your board is not "fully secure" as a result. Website links alone won't cause that.

signature
email: admin@jcink.com :: blog: John C.
#
So basically anything a user posts to an external site will not hurt us? For example if a user posts a HTTP link to ESPN, we should be fine? The main thing would be to update the signatures/avatars, user posted images, etc?

signature
#
QUOTE
So basically anything a user posts to an external site will not hurt us? For example if a user posts a HTTP link to ESPN, we should be fine? T


Yes, you aren't penalized for non-https links:

http://google.com/

QUOTE
The main thing would be to update the signatures/avatars, user posted images, etc?


Right. But you don't really have to panic about doing this in my opinion.

Right now, all google is doing is showing "Not Secure" next to the http urls. What you're seeing now is the maximum in their current plan. You can see the full plan here:

https://www.chromium.org/Home/chromium-secu...p-as-non-secure

See, what we're hoping for is that by the time the glove is really thrown down on HTTP, we'll be able to just mass-replace all http with https. They have no plans for that at all though! So I would not expect that to be an issue for years.

QUOTE
Will this break plain HTTP sites?

No. HTTP sites will continue to work; we currently have no plans to block them in Chrome. All that will change is the security indicator(s).


Last report from late 2017 indicated that "73 percent of pages loaded in the US using HTTPS in Chrome on Windows, up from 59 percent a year ago." Obviously that is just not enough for Google to decide to block all http connections or become too harsh on a page that might have a little image or something that isn't served over https. They will add a little warning as they have now, but tha's it. My personal prediction is that once enough of the internet is on https (it'll have to be in the 99%), we won't even have to think about this much.

There won't, for example, be a question of "can we swap all http to https links?" when we get to that point. If a server/service doesn't have it by that time years down the road... they will be the outlier. Some hosts have yet still to get with the program. I mean, honestly, for example, TinyPic still hasn't enabled https for their image uploads. And I don't get why because they operate out of literally a single domain name with subdomains. So in some cases you would need to reup the files that aren't available in https on the server they're hosted from.

signature
email: admin@jcink.com :: blog: John C.
#
Great work Mr Jcink!

http://files.b1.jcink.com/html/emoticons/smile.gif

signature
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Share this topic:
« Next Oldest | Development News | Next Newest »

OptionsPages: (6) « First ... 4 5 6  Add ReplyNew TopicNew Poll