Google it appears have decided that any data input by a user should be encrypted from the users computer to the server. As a result, Google Chrome version 62, come October will show any web page with a text or email field that is on a http site, as being non secure.
Here is an example of the message received from Google.
Here is an example of the message received from Google.
Chrome will show security warnings on <website>
To owner of <website>,
Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as < input type="text" > or < input type="email" >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.
Like many developers I have a number of websites that are hosted and use http. Personally I don't think there's much security risk for many of my sites. For example sites that convert inches to cm, allow a person to enter a postcode, or the many different calculators I've created. None of that information really presents a risk to a user. However Google is dictating what developers do by pushing them to have sites using https.
We'll have to wait and see how intrusive the non-secure message is, but at this stage it looks like it will appear as an information message in the address area. If it becomes intrusive by blocking what users do, that could be a concern.
Appropriate security is definitely a good thing. Having secure sites where there is little to no reason for security, that's almost bordering on dictating and that's a concern.
The good thing is people generally have a choice and if they're not happy with the path taken by Google, they can simply stop using the Google Chrome browser. If people are happy with Google's direction, then they'll probably stop using sites that don't conform. Either way the choice is yours.
Kelvin Eldridge
Online Connections
IT support.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.