Forced HTTPS on web site
- From: Alexander Kriegisch <kriegaex freetz org>
- To: mc-devel gnome org
- Subject: Forced HTTPS on web site
- Date: Fri, 09 Mar 2012 15:31:53 +0100
Sorry, it is me again with yet another improvement idea: Currently
mignight-commander.org redirects non-https URLs to https, resulting in a
certificate warning because of your self-signed cert. This is scaring
away users rather than inviting them to access your web site. It does
not make a professional impression for one of Linux's most acclaimed
software packages. I do understand that you want to have an encrypted
connection when editing the wiki or administering the page as a logged
in user, but to force read-only access to be https is a bit too much, I
guess. It also creates more client and server load than necessary. Maybe
it would be a good idea to either use a commercial certificate or, if
that is too expensive, continue using the self-signed one, but only to
log in and after you are logged in. Plus, the registration and login
dialogues should show an explanation of why you use https and a how-to
for installing the cert into the most popular browsers (including a
quote of the cert's fingerprint).
It is about making it easy for users again, like in the other threads.
Me personally, I know how to import a cert, but this knowledge should
not be necessary to access your web site without being annoyed by the
warning all the time (e.g. after a browser restart). You want to make
sure to attract users and help them contribute or at least consume, not
scare them away. :-)
--
Alexander Kriegisch (kriegaex)
http://freetz.org
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]