Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 05, 2016, 06:38:18 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: https by default?  (Read 3834 times)

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
https by default?
« on: January 30, 2008, 12:45:15 PM »
Is it possible to configure a browser to use https by default? And if not, why? Thanks.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,406
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: https by default?
« Reply #1 on: January 30, 2008, 01:36:56 PM »
that's a nice idea for a firefox plugin -- to switch to https for all urls where its available.

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
Re: https by default?
« Reply #2 on: January 30, 2008, 02:04:01 PM »
Yes, that's what I thought. And then I searched for an add-on and realized it didn't exist, and wondered why... Then I found links about tor etc., but nothing really about setting Firefox to switch to https whenever its available.

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: https by default?
« Reply #3 on: January 30, 2008, 02:04:25 PM »
IIRC there is a greasemonkey script that will switch to https for all sorts of sites from google. Maybe that can be extended to include your forums.

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
Re: https by default?
« Reply #4 on: January 30, 2008, 02:10:16 PM »
hummm... Thanks housetier. Do you remember its name?

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: https by default?
« Reply #5 on: January 30, 2008, 05:44:13 PM »
userscripts.org.png

I don't recall any of the names, there are a bunch of scripts at userscripts.org tagged with "https".

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
Re: https by default?
« Reply #6 on: January 30, 2008, 09:35:09 PM »
Thanks housetier!
I'll check these links for "fun"...
With the enduring buzz around security, I'm surprised Firefox doesn't have an option to switch to https whenever its available, by default.  :tellme:

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: https by default?
« Reply #7 on: January 30, 2008, 11:05:01 PM »
That's a pretty hard thing to do. Some web sites will use HTTPS for specific things and not others, so you might end up with things breaking. I don't think that it's really a generally feasible thing to do.

e.g. You've got some site that uses HTTPS for logins and whenever you're logged in, but nothing else. So it's available. Your extension sees that it's available. You may end up constantly hitting a login page for every page even with different URLs because the site sees that you're trying to use HTTPS, but you're not logged in, and so returns a login screen for every URL.

There are more problems with it as well. Basically, I think it's up to the user to check if they're on HTTPS when they want to be. Otherwise, you need to trust the site.

Think about it this way, if you're creating a site that uses HTTPS, you've probably got a good reason and will dictate where it is used. e.g. You can't see certain pages or certain content without HTTPS. etc.

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Armando

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,727
    • View Profile
    • Donate to Member
Re: https by default?
« Reply #8 on: January 30, 2008, 11:27:37 PM »
Thanks Renegade. Of course, you're right about the specific and maybe sporadic need to protect data. But it's such NOT a habit in my case... At least a popup (or something else) offering the option (whenever it's available) would be nice... IMO.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: https by default?
« Reply #9 on: January 30, 2008, 11:34:43 PM »
The thing is that unless you're logged into a site, or doing some kind of transaction where a password is required, or you're transmitting some kind of sensitive data (banking, email address, password, etc.), there really isn't much of a reason to use SSL. It only adds overhead and slows things down.

But having an option popup to change to HTTPS would be nice. I think you're right there about having a user action for it. Doing it automatically could pose real problems.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 10,321
    • View Profile
    • Donate to Member
Re: https by default?
« Reply #10 on: January 31, 2008, 04:22:45 AM »
IIRC there is a greasemonkey script that will switch to https for all sorts of sites from google. Maybe that can be extended to include your forums.

I have Better Gmail 2
https://addons.mozil...S/firefox/addon/6076
which allows you to force https for gmail

I think I got it via Lifehacker though :-\
Tom

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: https by default?
« Reply #11 on: January 31, 2008, 10:44:55 AM »
But GMail is https by default...

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 10,321
    • View Profile
    • Donate to Member
Re: https by default?
« Reply #12 on: January 31, 2008, 03:07:34 PM »
But GMail is https by default...

you got me there Lashiec - maybe it was written for when it wasnt
or maybe it's because of this: Even SSL Gmail can get sidejacked
Tom