http:// or https://; that is the question

http:// websites exchange data with the user that that is not encrypted. https:// websites exchange data with the user that is encrypted and hence offers greater security for things like credit card details. The standard security technology for encrypted data exchange is a secure sockets layer, SSL, that is provided and certified by a third party.

The pes-spdc.org website doesn't inherently need SSL as any credit card transactions are all handled by the https:// site of PayPal. Unfortunately internet security has become a big issue leading to browsers, like Firefox and Chrome, now visually indicating http:// and https:// sites. Here are some examples:

FireFox

The URL is displayed with a preceding information button "i"

Clicking on the "i" button displays further information.

Clicking on the arrow displays a window where various types of data about the website can be viewed. The screen grab below shows the security data together with a worrying observation.

Chrome

The results for Chrome are similar to Firefox.

The browser warning messages are likely to cause user concern and inhibit certain actions. This alone is a good reason to install SLL on pes-spdc.org.

Google ranking

Beginning this year (2017) website security will be a 1 % factor in the sites Google ranking. As time goes on Google is likely to increase the security factor to apply pressure to websites to be more secure and use SSL.

https://pes-spdc.org

As a result of the two situations covered above the pes-spdc.org site now incorporates SSL. Type in http://pes-spdc.org and you will automatically be redirected to https://pes-spdc.org indicated by the green padlock symbol.

The security messages now should not cause user concern.

Has incorporating SSL any downsides? There are three downsides:

  1. As data flows via the SSL security provider (COMODO) load speeds will be reduced.
  2. The SSL service costs about 100 $/yr
  3. One off time (3 days) spent in setting up SSL.

On the plus side we are future-proofed for the moment.