Website secured with SSL/TLS
Friday, February 10, 2017 (15:43:52)

Posted by Devon

It's been a long time since the last announcement. I've long since stopped developing in PHP/MySQL but when it came time to play around with HTTPS SSL/TLS this was a good place to start. Because this site was coded so brilliantly to begin with more than a decade ago; the update process only took 15 minutes of actual code changes. Times are changing and this website is woefully outdated now by not relying on new and better techniques such as web sockets or AJAX. It's hard to argue with the speed of GET/POST vs more modern frameworks that rely heavily on memory hogging javascript.

A small Apache rewrite rule is required and ensuring that no images (including in news content) are linked to the old http url. Unfortunately this will break a lot of images but your users will be much better off in the long run under a secure roof.

SSL is nothing new but what is new is the concerted effort of browser developers to show all internet users the security of their website connection with a lock/unlock icon. There is currently a big push by many major websites and browsers to emphasize that a non-https website might not be somewhere you want to be.

The SSL secure lock icon is one of the first things you see in a browser when you visit a website now. This means any website without HTTPS in the future will be frowned upon by users and more importantly, search engines. Google announced last month that fully compliant HTTPS websites will be given search result prioritization over ones that are not. That's a pretty big deal in shaping the future of the web. All aboard the SSL train.

In order for a website to achieve a green locked icon (fully validated HTTPS) the admin of the site has a couple major changes to make. The most important task is to ensure the site is secured from externally loaded content (no more hotlinking images from another domain including the HTTP version of the same site, ouch). Effort must be put into changing all content links from HTTP to HTTPS. Lord help you if you have hardcoded URLs in your HTML/CSS, image galleries, links, scripts, etc.. as fixing them on your site could get quite tedious.

It's not impossible to abuse SSL as many previous iterations are now considered insecure and can be broken in real-time with modern computers. As computing power increases so will how much more bit encryption is required to stay ahead of the curve.

If you are a developer there are plenty of obvious ways to get around the rules for hosting mixed content and still have a green secure icon. I do not condone cheating, malicious scripting, selling user data, giving away user data, or running ad campaigns on your website from untrusted 3rd parties (Google and other well known advertisers excluded). Be wary of those who contact you to offer ad campaigns on your websites, 99% of the time they're up to no good and only want to use your website as a vector. Just because you see a green icon doesn't mean you're absolutely secure from prying eyes, viruses, or corrupt admins. The internet is definitely more secure than it was because of HTTPS but it's not a 100% guarantee of safe browsing on the internet. Stay safe out there.

I'm still around the internet, playing with new frameworks, and trying to make the internet a better place.

Content received from: Treasure Coast Designs, http://www.treasurecoastdesigns.com