[Cryptography] How to convince web site to use HTTPS ?
John McCormac
jmcc at hackwatch.com
Fri Aug 2 19:51:32 EDT 2019
On 02/08/2019 15:12, Henry Baker wrote:
> Hi:
>
> A small organization that I work with (so far) refuses to
> move to HTTPS, even though they require a *login* to use
> their site.
>
> I'm trying to be diplomatic as possible, but I'd like to
> convince them as simply and easily as possible.
>
> Does anyone here have any ideas?
Hint at it being a possible GDPR issue even though it may not be one. If
it is using a login, it is potentially handling personal data.
Normally, it is a case of getting to talk to the webmaster rather than
the boss or CEO. The website design might well have been outsourced and
upgrading it to HTTPS will involve some more work. This brochureware
approach to websites by businesses and organisations means that website
design is viewed as a one-off expense and there's often no ongoing
maintenance contract. Finding out if the website was developed in-house
or outsourced would be the first step. That would provide an indication
of the difficulty of convincing the organisation to upgrade to HTTPS.
Despite all the propaganda from Google and the search engine
optimisation business, HTTPS redirects (where a site will redirect to a
HTTPS version) are not universal. Some of the new gTLDs are HTTPS by
default but the HTTPS redirect percentages on other TLDs vary.
Regards...jmcc
---
This email has been checked for viruses by AVG.
https://www.avg.com
More information about the cryptography
mailing list