First, a little background info...
³ÉÈËVRÊÓƵ’s websites are currently accessible via both encrypted and unencrypted protocols (HTTPS or Hyper Text Transfer Protocol Secure, or HTTP or Hypertext Transfer Protocol). For example, if you’d like to visit the Faculty of Engineering site, you can open your browser and go to /engineering/ or /engineering/
The update
The Web Services Group, in collaboration with Network and Communication Services, is currently working to redirect all HTTP traffic to WMS sites to HTTPS. This will increase security and bring our WMS best practices in line with industry best practices.
One of our reasons for doing this now is that that submitting form content on unencrypted websites is non-secure.
As a result, until this redirection is complete, your site visitors may encounter alert messages in Chrome telling them that a page is non-secure when they use your site’s webforms, e.g. your site’s search bar, sign-in form, feedback forms, registration forms etc.
Things you need to know about these alert messages:
- The alert messages don't mean there’s a new security issue on your site, but rather a new, stricter policy built into Chrome
- We expect to finish redirecting all HTTP visitors to HTTPS in the coming weeks, after which these alerts will go away
- For now, the alerts will only appear on unencrypted pages when a form is being used, but eventually,
- This change isn't isolated to Chrome - in the future,
Update your site's links!
When we put this redirection in place, anyone who visits /engineering/ will be automatically sent to /engineering/, the secure version of the site. Most visitors probably won't notice - though you might notice a difference in your site's broken links report.
If you've added any HTTP links to your pages, these links will show up in your broken links report as either Response 301 (Moved Permanently) or 302 (Moved Temporarily). These aren't really a problem, but we recommend you address this by changing any HTTP links on your site to HTTPS.
A best practice for staying safe online...or something you and your visitors can do now to avoid seeing these alert messages
It's always a good idea to avoid entering passwords or any other sensitive information over an unencrypted connection, i.e. any website whose address does not begin with "https" and/or when using untrusted WiFi nextworks.
Visit the Information Security web pages on the IT Services website for additional details about protecting personal data.