I haven't played much with requesting a page be archived, so it's only a
handful of links I had tried. From what Eric Hellman posted about hiccups,
it doesn't sound like https is a barrier if you set up the site and want to
allow archiving.
-Wilhelmina Randtke
On Sat, Nov 9, 2013 at 5:29 PM, Karen Coyle <[log in to unmask]> wrote:
> The Archive says they can, but I've asked WR for the files she had trouble
> with and they'll try them out. To be sure, there wasn't a huge amount of
> testing that took place, so glitches are not unsurprising.
>
>
> kc
>
> On 11/9/13 3:13 PM, Wilhelmina Randtke wrote:
>
>> I don't think Internet Archive will view https sites. Internet Archive
>> just a few weeks ago added the option to let you add a page while
>> browsing,
>> and I have been unable to add https pages when I submit them.
>>
>> -Wilhelmina Randtke
>>
>>
>> On Sat, Nov 9, 2013 at 2:09 PM, Ranti Junus <[log in to unmask]>
>> wrote:
>>
>> Hi All,
>>>
>>> If code4lb.org switched to HTTPS by default, can their content still be
>>> archived by the Internet Archive?
>>>
>>>
>>> thanks,
>>> ranti.
>>>
>>>
>>> On Thu, Nov 7, 2013 at 1:16 PM, Ordway, Ryan <[log in to unmask]
>>>
>>>> wrote:
>>>> The simplest solution would be to modify the settings.php to start
>>>>
>>> pushing
>>>
>>>> everything over HTTPS once someone has hit an HTTPS URL. The current
>>>> code4lib server has been here at OSU longer than I have (and I've been
>>>>
>>> here
>>>
>>>> for 8+ years), and it's at MOST running at about 25% CPU capacity.
>>>>
>>> Pushing
>>>
>>>> everything over HTTPS is probably fine too.
>>>>
>>>> As for additional administrative overhead, if someone else wants to
>>>>
>>> manage
>>>
>>>> the certificate procurement and renewal, it takes me about 5 minutes
>>>>
>>> every
>>>
>>>> year to put a new certificate in place and then restart Apache once I
>>>>
>>> have
>>>
>>>> a certificate file.
>>>>
>>>>
>>>> On Wed, Nov 6, 2013 at 8:34 PM, Chad Fennell <[log in to unmask]> wrote:
>>>>
>>>> On Wed, Nov 6, 2013 at 8:49 PM, Ross Singer <[log in to unmask]>
>>>>>
>>>> wrote:
>>>>
>>>>> I guess I just don't see why http and https can't coexist.
>>>>>>
>>>>>>
>>>>>> They can definitely coexist, but there is a corresponding maintenance
>>>>>
>>>> cost
>>>>
>>>>> and a slightly higher risk profile (e.g. session hijacking is still
>>>>> possible in a variety of mixed http/https configurations). I noticed a
>>>>>
>>>> a
>>>
>>>> pretty good, if a bit dated, run-down of the tradeoffs for various
>>>>>
>>>> secure
>>>
>>>> setups in Drupal
>>>>>
>>>>>
>>>>> http://drupalscout.com/knowledge-base/drupal-and-ssl-
>>> multiple-recipes-possible-solutions-https
>>>
>>>> .
>>>>> Even if the solutions have somewhat changed, it does get at the idea of
>>>>> what some of the tradeoffs are between security, usability and
>>>>>
>>>> maintenance.
>>>>
>>>>> Just today, I noticed a security alert (
>>>>>
>>>> https://drupal.org/node/2129381)
>>>
>>>> for the Drupal 6 Secure Pages module where theoretically secured pages
>>>>>
>>>> and
>>>>
>>>>> forms could be transmitted in the clear. This is the module you'd most
>>>>> likely use to achieve a mixed http/https site in Drupal.
>>>>>
>>>>> I have personally tended to just put everything behind https because of
>>>>>
>>>> the
>>>>
>>>>> added work/modules/maintenance associated to running it along side of
>>>>>
>>>> http
>>>>
>>>>> (in Drupal, specifically), but I am a lazy person with access to free
>>>>>
>>>> certs
>>>>
>>>>> and ferncer servers.
>>>>>
>>>>> HTH
>>>>> --
>>>>> Chad Fennell
>>>>> Web Developer
>>>>> University of Minnesota Libraries
>>>>> (612) 626-4186
>>>>>
>>>>>
>>>
>>> --
>>> Bulk mail. Postage paid.
>>>
>>>
> --
> Karen Coyle
> [log in to unmask] http://kcoyle.net
> m: 1-510-435-8234
> skype: kcoylenet
>
|