solved What links can logged in users and passing visitors see and use? (SSL URL or non-SSL) x (local or non local)

Here at ACP >> Users >> Global Config >> Site settings

I see this setting.

"Checkbox: Create SSL URLs, SSL Certificate Required!

Checking this option will cause local non-SSL URLs that are embedded in text items to be shown as an SSL url for logged in users. Default: off"

What does checking this box this mean for logged in users and ordinary site visitors? I can only understand this instruction in a very general way. I can see that it has something to do with how people can see and use links in my site.

As Admin, I should know about this, but the explanation given is the minimum explanation needed for developers. For them, it is very simple thing to understand, I am sure. They may also understand a world of further implications beyond this yes or no decision.

I will try to dig into this a little further.

The instruction means that for logged in users, "local non-SSL URLs embedded in text items will be seen as SSL URLs" .

Are "local non-SSL URLs" the relational links that connect different locations within our site?

In the default situation, I suppose this means that for logged in users, local non-SSL URLs that are embedded in text items will NOT be seen as SSL URLs .

That is just following the logic of sentence structure. What the sentences mean I do not know. As an Admin, things I need to know are (1) whether links will be seen as active, usable links by logged in users and passing site visitors, and (2) which option is needed or recommended for different situations or sites (my site is a public site in which all content is public).

Perhaps what we need are contingency tables for the different scenarios. For example:

Scenario one, for when local non-SSL URLs are embedded in text items

Box not checked (default) vs Box checked

Logged in User - Will see?? - etc.

Passing visitor - etc - etc


Scenario two, for when local non-SSL URLs are NOT embedded in text items (in which case, what kind of URLs would they be? non-local non-SSL, or local SSL?)

Box not checked (default) vs Box checked

Logged in User - Will see?? - etc.

Passing visitor - etc - etc



--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)
updated by @researchcooperative: 01/26/17 10:05:12PM

Right now you are viewing jamroom.net on a secure connection:

https://www.jamroom.net

It looks the same as if you were viewing it on an insecure connection

http://www.jamroom.net

So there is no difference as far as viewing the site goes. Until recently its been the normal way of doing things to view the non-secure site and only use the https version for things like payment transactions.

But then google decided it would give higher search ranking preference to sites that were HTTPS, so normal changed.

You can turn on httpS from your servers control dashboard:
https://www.jamroom.net/researchcooperative/hosting/domain_config/37/id=136

the "Enable Free SSL" button.

If that is enabled, then use the setting you outlined above "Checkbox: Create SSL URLs, SSL Certificate Required!" to re-write all http:// to https://

Dont turn it on unless you can see your site on https:// though or you will be stuck.

Thanks.

Is there really no difference for viewers, regardless of the quality of internet connection, or kind of browser used? I have members looking at the site from very diverse situations, in terms of connectivity.

I also expect that enabling SSL is mandatory if I am going to offer transaction services (Foxycart, paypal) for some members.

If not all users or visitors can see sites that use https:// , then I may need to make a compromise.


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)

SSL is a web security feature, it makes zero difference to how your site is laid out.

Neither Paypal or Foxycart require you to use SSL. The only thing that does require it is if you share audio players to facebook. Facebook requires that your site be SSL enabled to show the player, otherwise a link to the player will show.

Thanks. I went to set up SSL, and found this message:

"Server Name Indication SSL does not work with IE and Chrome on Windows XP!

Open a Ticket to setup dedicated SSL if you have IE and Chrome visitors on Windows XP that must be supported."

I need to consider the possibility of dedicated SSL because (1) global usage of the XP system is still around 10% according to netmarketshare.com, and (2) many of my members are in less wealthy countries where usage of XP may be more than the global average.


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)
updated by @researchcooperative: 10/27/16 07:19:18AM

XP is not supported by microsoft anymore. If the company that built the thing isn't supporting it you shouldn't either.

Thanks... sounds right to me!


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)