https by default?

[Armando]

Is it possible to configure a browser to use https by default? And if not, why? Thanks.

[mouser]

that's a nice idea for a firefox plugin -- to switch to https for all urls where its available.

[Armando]

Yes, that's what I thought. And then I searched for an add-on and realized it didn't exist, and wondered why... Then I found links about tor etc., but nothing really about setting Firefox to switch to https whenever its available.

[housetier]

IIRC there is a greasemonkey script that will switch to https for all sorts of sites from google. Maybe that can be extended to include your forums.

[Armando]

hummm... Thanks housetier. Do you remember its name?

[housetier]

I don't recall any of the names, there are a bunch of scripts at userscripts.org tagged with "https".

[Armando]

Thanks housetier!
I'll check these links for "fun"...
With the enduring buzz around security, I'm surprised Firefox doesn't have an option to switch to https whenever its available, by default. 

[Renegade]

That's a pretty hard thing to do. Some web sites will use HTTPS for specific things and not others, so you might end up with things breaking. I don't think that it's really a generally feasible thing to do.

e.g. You've got some site that uses HTTPS for logins and whenever you're logged in, but nothing else. So it's available. Your extension sees that it's available. You may end up constantly hitting a login page for every page even with different URLs because the site sees that you're trying to use HTTPS, but you're not logged in, and so returns a login screen for every URL.

There are more problems with it as well. Basically, I think it's up to the user to check if they're on HTTPS when they want to be. Otherwise, you need to trust the site.

Think about it this way, if you're creating a site that uses HTTPS, you've probably got a good reason and will dictate where it is used. e.g. You can't see certain pages or certain content without HTTPS. etc.

[Armando]

Thanks Renegade. Of course, you're right about the specific and maybe sporadic need to protect data. But it's such NOT a habit in my case... At least a popup (or something else) offering the option (whenever it's available) would be nice... IMO.

[Renegade]

The thing is that unless you're logged into a site, or doing some kind of transaction where a password is required, or you're transmitting some kind of sensitive data (banking, email address, password, etc.), there really isn't much of a reason to use SSL. It only adds overhead and slows things down.

But having an option popup to change to HTTPS would be nice. I think you're right there about having a user action for it. Doing it automatically could pose real problems.

[tomos]

IIRC there is a greasemonkey script that will switch to https for all sorts of sites from google. Maybe that can be extended to include your forums.

-housetier (January 30, 2008, 02:04 PM)

I have Better Gmail 2
https://addons.mozil...S/firefox/addon/6076
which allows you to force https for gmail

I think I got it via Lifehacker though

[Lashiec]

But GMail is https by default...

[tomos]

But GMail is https by default...

-Lashiec (January 31, 2008, 10:44 AM)

you got me there Lashiec - maybe it was written for when it wasnt
or maybe it's because of this: Even SSL Gmail can get sidejacked