Guest Posted March 23, 2017 Share Posted March 23, 2017 Any chance this site can have secure (https) protocol enabled? Link to comment
enricosavazzi Posted March 23, 2017 Share Posted March 23, 2017 Considering that anyone can read the contents of this site without even registering, what would be the advantage of using HTTPS? I know what HTTPS does and does not do, my question is why use it. Link to comment
igoriginal Posted March 24, 2017 Share Posted March 24, 2017 I agree with Enrico. The whole point of this site is to have a searchable website. Information that is accessible. A site that also returns results in a browser search, and leads people here from that search. Hence, a site that also allows non-members to do a database search for specific photographed subjects, which then may lead to requests for image purchase and/or use. Or, even if it is purely educational/institutional (just for the science, without commercial use involved), the general goal of this site is to create a compendium of data that can be found and browsed by any interested individual or party. Hence, an https-encrypted site would essentially negate this entire site's mission/purpose, would it not? Science/knowledge is to be shared, rather than locked away from others, I would imagine. Link to comment
Andy Perrin Posted March 24, 2017 Share Posted March 24, 2017 Just don't put anything on the site that you would mind if someone stole. (Including your site password!) Link to comment
Andrea B. Posted March 24, 2017 Share Posted March 24, 2017 Https does not prevent a website from being searched. Link to comment
igoriginal Posted March 24, 2017 Share Posted March 24, 2017 Https does not prevent a website from being searched. Really? I have never experienced this. There must be different levels of "encryption", then. But the majority of sites that I have used which employ https have only allowed access to main pages/launch areas/log-ins, not browsing specific pages further down the chain of pages. How, then, can https benefit this site? (When applied selectively). Link to comment
Guest Posted March 24, 2017 Share Posted March 24, 2017 Wow - so, I apologize if I gave anyone the wrong impression, but my intentions are certainly not to lock the world out in any way. Andrea is right, HTTPS does not prevent a site from being searched, provided it is configured properly. My request only applies to the log-in page, to prevent my username and password from being transferred to the server in plain text format; which could be easily intercepted by [fill in this blank with what/whomever would do such a thing]. Thus, therein lies the benefit https could add to this site. Just a simple request for a secure login page, that's all. The rest of the site, I agree, should be open and accessible to [fill in this blank with what/whomever would be interested in the content of this site]. Link to comment
igoriginal Posted March 24, 2017 Share Posted March 24, 2017 Wow - so, I apologize if I gave anyone the wrong impression, but my intentions are certainly not to lock the world out in any way. Andrea is right, HTTPS does not prevent a site from being searched, provided it is configured properly. My request only applies to the log-in page, to prevent my username and password from being transferred to the server in plain text format; which could be easily intercepted by [fill in this blank with what/whomever would do such a thing]. Thus, therein lies the benefit https could add to this site. Just a simple request for a secure login page, that's all. The rest of the site, I agree, should be open and accessible to [fill in this blank with what/whomever would be interested in the content of this site]. No apologies required. I am the one who misunderstood. Shows you how little I understand https protocol in its more specifically-applied functionality, rather than used as a whole-site content-regulatory function. Of course, I can appreciate the desire for a more secure log-in process, thus I understand where you are coming from. Link to comment
Andrea B. Posted March 24, 2017 Share Posted March 24, 2017 To update everyone: I am in process of looking into https for the login page. The cost is minimal. And in the current climate of hackings and all that, why not provide a bit of password security? Seems sensible to me. There are some questions I have to ask our hosting service because we are on a shared server. My understanding is that I need to let them handle it rather than buying the certificate myself, etc. I will keep everyone updated on what I find out. Link to comment
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now