Why enable HTTPS?
These days, it's never been more important to protect the privacy and security of your users. By enabling HTTPS for your Springy sites, you're giving your users the peace of mind that their connection is secure and encrypted. HTTPS can be enabled for sites with Springshare domain names, as well as custom domain names.
Why does it matter? According to the Electronic Frontier Foundation (EFF):
HTTPS provides three security guarantees:
- Server authentication allows users to have some confidence that they are talking to the true application server. Without this guarantee, there can be no guarantee of confidentiality or integrity.
- Data confidentiality means that eavesdroppers cannot understand the content of the communications between the user's browser and the web server, because the data is encrypted.
- Data integrity means that a network attacker cannot damage or alter the content of the communications between the user's browser and the web server, because they are validated with a cryptographic message authentication code.
HTTP provides no security guarantees, and applications that use it cannot possibly provide users any security. When using a web application hosted via HTTP, people have no way of knowing whether they are talking to the true application server, nor can they be sure attackers have not read or modified communications between the user's computer and the server.
Check out What Every Librarian Needs to Know About HTTPS for more info on the importance of HTTPS and library resources.
Also, major browsers such as Firefox and Chrome have already begun warning users when they attempt to use form fields on non-HTTPS sites. According to the Chromium Blog, Google Chrome will begin labeling all HTTP pages containing form fields as not secure, as well as any HTTP pages loaded in Incognito windows, starting with v62 in October 2017. This would ultimately include your LibGuides, LibAnswers, and LibCal pages, since they contain search boxes and other form elements.