[Lumiera] Server HTTPS

Ichthyostega prg at ichthyostega.de
Wed Oct 24 03:56:36 CEST 2018


On 10/23/18 10:52 PM, Christian Thaeter wrote:
> The Webserver for the Mailinglists is now https only (with http
> redirecting). This adds some security since user and config actions go though
> this interface.

Hi Christian,

thanks for pushing that one ahead....

> Another question is if we want to make the normal webserver/webpage https. I 
> guess the answer is 'yes' because http is a dying breed. Google Chrome will 
> phase it out eventually, Sites which don't deliver content via https get 
> downranked. I personally don't see much advantages there, but I know the 
> drill and will deploy that later on. Actually plain HTTP has more advantages 
> since it doesnt force users to accept cooperate MitM attacks and webcaches 
> can cache pages universally.

Fully agreed. <rant> And we should add, that plain vanilla static webpages also
seem to become rare exotic animals. Anyone is just dying to run a bloated
WordPress or similar kind of CMS, which allows to add content and new features
through plug-ins, without requiring in-depth technical knowledge. Not to mention
all those personalised advertisements, rendering "personal data" which totally
needs to be protected cryptographically</rant>

Anyway, we don't have much choice here, other than following the mainstream
and offer the website via HTTPS.

Cheers,
Hermann





More information about the Lumiera mailing list