How is security getting thrown under the bus? -Ross. On Wednesday, November 6, 2013, Cary Gordon wrote: > It sounds like we are willing to throw security under the bus for an edge > case, although I am sure that I am missing some subtlety > > Cary > > On Nov 5, 2013, at 10:27 AM, Ross Singer <[log in to unmask]<javascript:;>> > wrote: > > > On Tue, Nov 5, 2013 at 12:07 PM, William Denton <[log in to unmask]<javascript:;>> > wrote: > > > >> > >> (Question: Why does HTTPS complicate screen-scraping? Every decent > tool > >> and library supports HTTPS, doesn't it?) > >> > > > > Birkin asked me this same question, and I realized I should clarify what > I > > meant. I was mostly referring to existing screen scrapers/existing web > > sites. If you redirect every request from http to https, this will > > probably break things. I think the Open Library example that Karen > > mentioned is a good case study. > > > > And it's pretty different for a library or tool to support HTTPS and a > > specific app to be expecting it. If you follow the thread around that OL > > change, it appears there are issues with Java (as one example) > arbitrarily > > consuming HTTPS (from what I understand, you need to have the cert > > locally?), but I don't know enough about it to say for certain. I think > > there would also probably be potential issues around mashups (AJAX, for > > example), but seeing as code4lib.org doesn't support CORS, not really a > > current issue. Does apply more generally to your question about library > > websites at large, though. > > > > Anyway, I agree with you that the option for both should be there. I'm > not > > just not convinced that HTTPS-all-the-time is necessary for all web use > > cases. > > > > -Ross. >