(RESOLVED) Will it ever be implemented? HTTPS

Totally agree with you. In fact I was able to retrieve the failed log in attempts of others in the lab and could clearly see the username and password they entered! If they're unwilling to do anything about it they should at least make users aware about the dangers.

Last time I raised it, the response was that they were having issues with Firefox, so the rest of us could go unsecured. Nice.

I don't log into PH on public wifi anywhere for this reason. Crazy really.

No news ?

It's all fun and games until someone gets bored and is a bit naughty.....

There is truly no excuse.

One line in an Apache config file would seamlessly rewrite all HTTP requests to HTTPS. Zero programming changes required.

I guess this will get more attention from Haymarket early next year when Google start punishing sites for lack of SSL, ie when it impacts advertisers rather then users.

Thanks for the response, so done by the 1st Jan, so we can look forward to a little more security in the new year. That will be an improvement.

Together with the picture above, the whole situation is summed up rather well

Well, I asked and they said January, so lets see what happens.

Daft though really, the ads are all iframed in so I get that they have to have these HTTPS first before the main site else they'll hit the insecure content warning (iframes, yuk!)

But surely any ad company worth its salt can serve both secure and insecure channels? As a test, I just took 5 of the ads from the main site and requested the same ad under HTTPS specifically - each ad is served absolutely fine.

Surely this is trivial to switch over if you're using a centralised ad system? Then you just change IIS or your load balancer to use a HTTPS cert and force all bookmarked insecure requests to bounce to HTTPS, job done.