SSL certs are expensive because of the administrative work associated with it.
Riley Childs
Library Director and IT Admin
Junior
Charlotte United Christian Academy
P: 704-497-2086 (Anytime)
P: 704-537-0331 x101 (M-F 7:30am-3pm ET)
Sent from my iPhone
Please excuse mistakes
> On Nov 6, 2013, at 8:28 PM, Cary Gordon <[log in to unmask]> wrote:
>
> It sounds like we are willing to throw security under the bus for an edge case, although I am sure that I am missing some subtlety
>
> Cary
>
>> On Nov 5, 2013, at 10:27 AM, Ross Singer <[log in to unmask]> wrote:
>>
>>> On Tue, Nov 5, 2013 at 12:07 PM, William Denton <[log in to unmask]> wrote:
>>>
>>>
>>> (Question: Why does HTTPS complicate screen-scraping? Every decent tool
>>> and library supports HTTPS, doesn't it?)
>>
>> Birkin asked me this same question, and I realized I should clarify what I
>> meant. I was mostly referring to existing screen scrapers/existing web
>> sites. If you redirect every request from http to https, this will
>> probably break things. I think the Open Library example that Karen
>> mentioned is a good case study.
>>
>> And it's pretty different for a library or tool to support HTTPS and a
>> specific app to be expecting it. If you follow the thread around that OL
>> change, it appears there are issues with Java (as one example) arbitrarily
>> consuming HTTPS (from what I understand, you need to have the cert
>> locally?), but I don't know enough about it to say for certain. I think
>> there would also probably be potential issues around mashups (AJAX, for
>> example), but seeing as code4lib.org doesn't support CORS, not really a
>> current issue. Does apply more generally to your question about library
>> websites at large, though.
>>
>> Anyway, I agree with you that the option for both should be there. I'm not
>> just not convinced that HTTPS-all-the-time is necessary for all web use
>> cases.
>>
>> -Ross.
|