Why? HTTPS is used when there is sensitive data involved, code4lib.org (at least to my knowledge) does not have sensitive data?
Riley Childs
Library Director and IT Admin
Junior
Charlotte United Christian Academy
P: 704-497-2086 (Anytime)
P: 704-537-0331 x101 (M-F 7:30am-3pm ET)
Sent from my iPhone
Please excuse mistakes
> On Nov 6, 2013, at 8:28 PM, Cary Gordon <[log in to unmask]> wrote:
>
> It sounds like we are willing to throw security under the bus for an edge case, although I am sure that I am missing some subtlety
>
> Cary
>
>> On Nov 5, 2013, at 10:27 AM, Ross Singer <[log in to unmask]> wrote:
>>
>>> On Tue, Nov 5, 2013 at 12:07 PM, William Denton <[log in to unmask]> wrote:
>>>
>>>
>>> (Question: Why does HTTPS complicate screen-scraping? Every decent tool
>>> and library supports HTTPS, doesn't it?)
>>>
>>
>> Birkin asked me this same question, and I realized I should clarify what I
>> meant. I was mostly referring to existing screen scrapers/existing web
>> sites. If you redirect every request from http to https, this will
>> probably break things. I think the Open Library example that Karen
>> mentioned is a good case study.
>>
>> And it's pretty different for a library or tool to support HTTPS and a
>> specific app to be expecting it. If you follow the thread around that OL
>> change, it appears there are issues with Java (as one example) arbitrarily
>> consuming HTTPS (from what I understand, you need to have the cert
>> locally?), but I don't know enough about it to say for certain. I think
>> there would also probably be potential issues around mashups (AJAX, for
>> example), but seeing as code4lib.org doesn't support CORS, not really a
>> current issue. Does apply more generally to your question about library
>> websites at large, though.
>>
>> Anyway, I agree with you that the option for both should be there. I'm not
>> just not convinced that HTTPS-all-the-time is necessary for all web use
>> cases.
>>
>> -Ross.
|