http vs https
Posted: Wed Apr 25, 2018 1:49 pmI recently recommended this site to several others. One expressed concern that https wasn't used, only http. Don't know enough about this to know if I should be concerned. Please advise. Thank you!
gailb wrote:I recently recommended this site to several others. One expressed concern that https wasn't used, only http. Don't know enough about this to know if I should be concerned. Please advise. Thank you!
HTTPS is the secure protocol that is used to ensure that communication between you and the web server is encrypted and can't be "read" by anyone else on the web.
Many sites, probably even most modern sites, use HTTPS by default right across the site because... well, why not? It has become the norm.
PBase, however, is not what you would call a modern site as many have observed. Its design harks back to an earlier era when the standard for web design was to use HTTPS only on pages which actually need it. And that's what PBase does; it uses HTTPS on its login page so that your password is encrypted when you enter it, and it uses HTTPS on its payment page. It doesn't use it on its photo pages.
Does that mean that there is a risk of someone being able to "sniff out" the comments that you are typing on someone's photo, even if you mark the comment as private? Maybe. But (a) Why would anyone bother? and (b) Even if they could, what difference would it make?
I think that using HTTPS is good practice and I would never enter something like credit card details on a page that did not use HTTPS, but I'm not losing any sleep over the fact that the galleries are not using encryption. The realistic risk is so small as to be non-existent.