ebr 16184 Posted July 13, 2021 Posted July 13, 2021 If we automatically fell back to http when https didn't work, we would need to make it VERY obvious that that happened or people could think they are connected securely when they aren't.
BillOatman 596 Posted July 13, 2021 Author Posted July 13, 2021 (edited) 2 hours ago, ebr said: If we automatically fell back to http when https didn't work, we would need to make it VERY obvious that that happened or people could think they are connected securely when they aren't. Certainly, describing in detail what "Preferred but not required" means to users would be a good idea regardless of how it works. What it does now, to me at least, is counterintuitive. If falling back is undesirable, maybe have both a http and a https endpoint exposed and shown on the dashboard. Edited July 13, 2021 by BillOatman
rbjtech 5284 Posted July 13, 2021 Posted July 13, 2021 It should actually be done the other way around, if people attempt to use http, then it should try and use https If that fails for whatever reason (or https is not setup), then I agree 100% that it should connect but warn it is not secure, as a browser does today - the Admin should also be alerted imo as that is also putting the servers security at potential risk. My personal view is https only or you don't connect ..
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now