By Ryan McGreal
Published February 06, 2012
This means you should no longer get scary security warnings from your browser if you use HTTPS instead of plain HTTP to browse RTH.
When you view RTH pages using HTTPS instead of HTTP, all content transmitted over the internet between your computer and the web server is first encrypted instead of being sent in plain text. This makes it much more difficult for a malicious third party to intercept the data and read it as it travels across the network.
This change is part of our ongoing efforts to make your use of RTH more secure.
Last March, RTH introduced the ability to access the site using the HTTPS protocol. An HTTPS connection (rather than an HTTP connection) means any data transmitted between your computer and the web server (like your username and password) is encrypted so that other people cannot see your login and hijack your user account.
As a result, if you used https to connect to the site, some browsers would issue a security warning that the domain name on the certificate - webfaction.com - did not match the domain name of this site - raisethehammer.org.
Using an SSL Certificate that is specifically dedicated to raisethehammer.org alleviates this issue.
The free StartSSL service does not include an Extended Validation Certificate, so your browser's location bar will not turn green when you connect via HTTPS. However, pages should load without any certificate warnings, and you will enjoy the security benefits of an encrypted connection to the site.
If you are logging into the site with a registered user account, and especially if you are logging in over a shared public wifi connection, you should seriously consider using HTTPS instead of HTTP. Otherwise, your data is travelling between your computer and the RTH web server in plain text and anyone can intercept and read it - including your username and password.
Because all communications between your browser and the web server are encrypted on an HTTPS connection, page loading will be a bit slower than it is on an unencrypted HTTP connection. This is a small trade-off in exchange for improved security.
Finally, the Electronic Frontier Foundation (EFF) has a Firefox plugin called HTTPS Everywhere, which automatically uses HTTPS to request pages from a website if it is available. For Firefox users, this is a great way to improve your browsing security without having to think about it.