• Ultraviolet Photography
  •  

Https

8 replies to this topic

#1 Mark

    Member

  • Members(+)
  • 287 posts
  • Location: Massachusetts, USA

Posted 23 March 2017 - 18:54

Any chance this site can have secure (https) protocol enabled?

#2 enricosavazzi

    Member

  • Members
  • 372 posts
  • Location: Stockholm, Sweden

Posted 23 March 2017 - 21:18

Considering that anyone can read the contents of this site without even registering, what would be the advantage of using HTTPS? I know what HTTPS does and does not do, my question is why use it.
-- Enrico Savazzi

#3 igoriginal

    Iggy

  • Members(+)
  • 582 posts
  • Location: Jackson, Mississippi

Posted 24 March 2017 - 03:03

I agree with Enrico. The whole point of this site is to have a searchable website. Information that is accessible. A site that also returns results in a browser search, and leads people here from that search. Hence, a site that also allows non-members to do a database search for specific photographed subjects, which then may lead to requests for image purchase and/or use. Or, even if it is purely educational/institutional (just for the science, without commercial use involved), the general goal of this site is to create a compendium of data that can be found and browsed by any interested individual or party.

Hence, an https-encrypted site would essentially negate this entire site's mission/purpose, would it not?

Science/knowledge is to be shared, rather than locked away from others, I would imagine.

Edited by igoriginal, 24 March 2017 - 03:15.

Igor Butorsky

#4 Andy Perrin

    Member

  • Members(+)
  • 797 posts
  • Location: United States

Posted 24 March 2017 - 03:25

Just don't put anything on the site that you would mind if someone stole. (Including your site password!)

Edited by Andy Perrin, 24 March 2017 - 03:25.


#5 Andrea B.

    Desert Dancer

  • Owner-Administrator
  • 5,072 posts
  • Location: USA

Posted 24 March 2017 - 04:35

Https does not prevent a website from being searched.
Andrea G. Blum
Often found hanging out with flowers & bees.

#6 igoriginal

    Iggy

  • Members(+)
  • 582 posts
  • Location: Jackson, Mississippi

Posted 24 March 2017 - 04:42

View PostAndrea B., on 24 March 2017 - 04:35, said:

Https does not prevent a website from being searched.

Really? I have never experienced this. There must be different levels of "encryption", then. But the majority of sites that I have used which employ https have only allowed access to main pages/launch areas/log-ins, not browsing specific pages further down the chain of pages.

How, then, can https benefit this site? (When applied selectively).

Edited by igoriginal, 24 March 2017 - 04:47.

Igor Butorsky

#7 Mark

    Member

  • Members(+)
  • 287 posts
  • Location: Massachusetts, USA

Posted 24 March 2017 - 11:17

Wow - so, I apologize if I gave anyone the wrong impression, but my intentions are certainly not to lock the world out in any way. Andrea is right, HTTPS does not prevent a site from being searched, provided it is configured properly. My request only applies to the log-in page, to prevent my username and password from being transferred to the server in plain text format; which could be easily intercepted by [fill in this blank with what/whomever would do such a thing]. Thus, therein lies the benefit https could add to this site.

Just a simple request for a secure login page, that's all. The rest of the site, I agree, should be open and accessible to [fill in this blank with what/whomever would be interested in the content of this site].

#8 igoriginal

    Iggy

  • Members(+)
  • 582 posts
  • Location: Jackson, Mississippi

Posted 24 March 2017 - 15:19

View PostMark, on 24 March 2017 - 11:17, said:

Wow - so, I apologize if I gave anyone the wrong impression, but my intentions are certainly not to lock the world out in any way. Andrea is right, HTTPS does not prevent a site from being searched, provided it is configured properly. My request only applies to the log-in page, to prevent my username and password from being transferred to the server in plain text format; which could be easily intercepted by [fill in this blank with what/whomever would do such a thing]. Thus, therein lies the benefit https could add to this site.

Just a simple request for a secure login page, that's all. The rest of the site, I agree, should be open and accessible to [fill in this blank with what/whomever would be interested in the content of this site].

No apologies required. I am the one who misunderstood. Shows you how little I understand https protocol in its more specifically-applied functionality, rather than used as a whole-site content-regulatory function.

Of course, I can appreciate the desire for a more secure log-in process, thus I understand where you are coming from.

Edited by igoriginal, 24 March 2017 - 15:20.

Igor Butorsky

#9 Andrea B.

    Desert Dancer

  • Owner-Administrator
  • 5,072 posts
  • Location: USA

Posted 24 March 2017 - 15:38

To update everyone: I am in process of looking into https for the login page. The cost is minimal. And in the current climate of hackings and all that, why not provide a bit of password security? Seems sensible to me.

There are some questions I have to ask our hosting service because we are on a shared server. My understanding is that I need to let them handle it rather than buying the certificate myself, etc. I will keep everyone updated on what I find out.



Andrea G. Blum
Often found hanging out with flowers & bees.