New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
That might only be the case if you link from HTTPS to HTTP, right now it is actually the opposite here. And even then only the referred header is not sent (not lost) and I hardly believe that their ad platform is based on the referred.
Such as?
As I said before there are too many assumptions in this case and too little facts.
@neroux I doubt its the sole attribute they use but I bet it is used.
They might use it for statistics but not for anything crucial/serious. The referrer header is nothing reliable, so this can hardly be the reason for any of the alleged problems.
Guess the main reason for no https is "work for little gain".
Guess it is up to mpkossen to do it and then there is his lack of time.
I did also think this...
I made a few https only sites in vanilla and didn't seem like that much hassle.
Then again I didn't deal with a cluster.
May I quote myself here from before
Anyhow, considering the apparent lack of interest in the LET community and from the site owners I will simply follow @Nekki's suggestion and not pursue the topic anymore. No point in tilting at windmills.
Is it actually in place now or did it used to be before all the site moves? Also never heard the windmill expression before; I like it.
@neroux I have to stop looking at this now as work want me to actually do some (on a Friday? The swines!), but I have found that BuySellAds have stated that the issue is at their end, and is related to their statistics infrastructure, which would need an overhaul to support https - source
That possibly (probably?) means their infrastructure is a years-old POS, and given their PublisherPro platform supports https, they likely have very little interest in upgrading the cheaper version.
I don't know if that satisfies your thirst for knowledge or not, but here we are.
There is a fully functional HTTPS listener (only the certificate expired now a week ago) with a forced redirect to the respective HTTP URL.
Unbelievable! Inhuman treatment I say this is
Thanks for digging out the URL but unfortunately they still did not explain the actual problem. "requires a significant upgrade to our stats infrastructure" is a rather generic statement and the confusion deepens if you consider the images are already served via HTTPS. Only the anchor link (in regards to the referrer) is on HTTP but does contain apparent tracking parameters.
But yes .... windmills
At last check HTTPS on LET blew up BSA. We actually tried to do this about a year ago.
Thanks a lot for the reply. Would you care to share some details as to what exactly blew up? Maybe someone here could even come up with a solution.
A solution to fix BSA's system?
I believe it would work, and even if it's not perfect/100%, an imperfect implementation would be better than no https at all...
What does BSA stands for if I may be so rude to ask?
BySellAds, the provider of the advertising on the site.
+1 for SSL, because I know the company I work for logs everything I do and I don't feel comfortable logging in with raw unencrypted login
valid concern. I really wish that one of the LET mods actually gives a straightforward answer regarding this request. SSL, Yes or No?
I'm slightly confused why you guys are pushing this... They have said multiple times that its not being done due to BSA having compatability issues.
You think BSA would trust a fix a LET user has put together?
Sure SSL is nice but if BSA say it won't work I can see why sysadmin hasn't implemented it.
I'm glad you said something, I was beginning to think I was going mad.
yes or no.. it isn't that hard.
I though Grand Master Biloh answered tbh - they tried it, it didn't work with BSA, so they abandoned the idea.
close the thread then with a final respond from @jbiloh that it wont happen anytime soon? I hate the lack of straightforwardness when it comes to mod decisions/feedback on LET.
Last time it was attempted, it broke the BSA plugin, that makes it a "no" until it becomes a "yes" when BSA fixes their system to support it.
Hope that clears it up.
Not sure how much clearer you can make it.
Makes sense for a full https experience (even tho adblock edge can make the BSA plugin less of a problem for some users
) - but what about a 'login page/recover password only' https experience?
No ads on those two pages shouldn't hurt too much, isn't it?
Thank you, thats a clear statement as to if HTTPS is going to be available.
However if possible it would be nice to know more details as to what broke. Do you mean the Javascript snippet which inserts the Javascript code from the HTTP URL http://s3.buysellads.com/ac/bsa.js?
Making the protocol scheme for this one URL dynamic shouldnt be a problem but the actual code does seem to reference to an HTTP URL at least three times. And this could potentially be a problem in an HTTPS context.
Now, I am going to speak entirely in theory, as this would require a change in how this Javascript file is added, as well as manual changes to the file itself and furthermore, of course, I cannot tell how the code behind these URLs (with proper parameters. Plain availability is given) would react live if called via HTTPS, but it would be interesting what happened if the file was locally included (hopefully we wouldnt run into cross-domain issues, there is at least one variable containing a HTTP URL called "api") and the HTTP URLs changed to HTTPS ones.
But regardless of all that, as @ben78 already suggested, could at least the login and password change dialog be protected via HTTPS?
I'd be interested in https as well if/when possible to integrate into the site, thanks.
Let's all go bug BSA about this. :>
I've written a coherent but effective letter to them about this issue.