Hi All,

If code4lb.org switched to HTTPS by default, can their content still be
archived by the Internet Archive?

thanks,
ranti.

On Thu, Nov 7, 2013 at 1:16 PM, Ordway, Ryan wrote:

> The simplest solution would be to modify the settings.php to start pushing
> everything over HTTPS once someone has hit an HTTPS URL. The current
> code4lib server has been here at OSU longer than I have (and I've been here
> for 8+ years), and it's at MOST running at about 25% CPU capacity. Pushing
> everything over HTTPS is probably fine too.
>
> As for additional administrative overhead, if someone else wants to manage
> the certificate procurement and renewal, it takes me about 5 minutes every
> year to put a new certificate in place and then restart Apache once I have
> a certificate file.
>
>
> On Wed, Nov 6, 2013 at 8:34 PM, Chad Fennell wrote:
>
> > On Wed, Nov 6, 2013 at 8:49 PM, Ross Singer wrote:
> >
> > > I guess I just don't see why http and https can't coexist.
> > >
> >
> > They can definitely coexist, but there is a corresponding maintenance cost
> > and a slightly higher risk profile (e.g. session hijacking is still
> > possible in a variety of mixed http/https configurations). I noticed a
> > pretty good, if a bit dated, run-down of the tradeoffs for various secure
> > setups in Drupal
> > http://drupalscout.com/knowledge-base/drupal-and-ssl-multiple-recipes-possible-solutions-https
> > .
> > Even if the solutions have somewhat changed, it does get at the idea of
> > what some of the tradeoffs are between security, usability and maintenance.
> >
> > Just today, I noticed a security alert (https://drupal.org/node/2129381)
> > for the Drupal 6 Secure Pages module where theoretically secured pages and
> > forms could be transmitted in the clear. This is the module you'd most
> > likely use to achieve a mixed http/https site in Drupal.
> >
> > I have personally tended to just put everything behind https because of the
> > added work/modules/maintenance associated with running it alongside http
> > (in Drupal, specifically), but I am a lazy person with access to free certs
> > and ferncer servers.
> >
> > HTH
> > --
> > Chad Fennell
> > Web Developer
> > University of Minnesota Libraries
> > (612) 626-4186
> >
>

--
Bulk mail. Postage paid.