To enhance security with regard to logins and passwords, this forum may migrate to HTTPS, TLS, or other.
Status: certificate acquired. Site also works in http. Feel free to opine in this topic.
The original impetus was pushed by Google:
Nonsecure Collection of Passwords will trigger warnings in Chrome 56 for http://shenafu.com/
To: owner of http://shenafu.com/
Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.
The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.
Here’s how to fix this problem:
Use HTTPS pages to collect sensitive information
To prevent the “Not Secure” notification from appearing when Chrome users visit your site, move collection of password and credit card input fields to pages served using the HTTPS protocol.
This means users visiting non HTTPS sites will see "Not Secure" in the address bar. https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn
However, converting to a new URI prefix is not just changing the address. It's a complex process of acquiring SSL certificates and heavy modification to forum code and database to make sure all links are directed properly. It may also have issues with image sources not from other HTTPS sites.
Furthermore is the opinion that the HTTPS itself segregates the internet. Which makes HTTPS less backward compatible. And does most of the web need to be encrypted? Such as this tiny site in the remote recesses of the internet.
Moreover is the delay as the security certs are verified. That means every page will have a second or more of delay before the page is rendered to the user's browser. Which I find very annoying because it can't be prevented or diminished no matter how powerful your computer is.
So this is a multi-pronged quandary. One, is it worth the hassle for this tiny site that all traffic be encrypted? For that matter, is it feasible to force millions of webmasters to comply with this authoritarian edict? Two, do we all agree that segregating the internet should be the future? Could there be better, passive solutions than converting billions of links to HTTPS?