Create a website

Try UGAL for free for 30 days

No commitment, no credit card required

Updates

Securing sensitive pages with https

January 19, 2015

Jean

UGAL was just updated with a security related update, and all requests for pages containing sensitive information are now secured with https.

Requests for sensitive pages on your custom domain name (eg http://www.domain.com/login) are now automatically redirected to their secure version hosted on a sub-domain of ugal.com (eg https://sitename.ugal.com/login).

Using https is important

When using a secure https connection, the information exchanged between web servers and web browsers is encrypted and cannot be decrypted by someone listening to the traffic between them.

For example, if you were to use http to login to a website from a public place, anyone in the same public place could easily "listen" to the traffic and grab your password that was sent in clear over http.

When using https, your password is encrypted by your web browser and can only be decrypted by the server that receives it. Anyone "listening" to traffic would then only be able to intercept the encrypted version of your password, which is of no use.

Securing sensitive pages only

Most of the pages on your website are made to be public, so serving them over http is not a security issue and only the following sensitive pages of your website are secured with https:

  • Your website login page at https://sitename.ugal.com/login and the user account management pages at https://sitename.ugal.com/u.
  • Your online shop checkout pages at http://sitename.ugal.com/shop/checkout.
  • Your UGAL account management pages at http://sitename.ugal.com/a/account.

All the other pages of your website are served with standard http.

Contact us !

The update requires that user data (eg shopping carts) is shared between different domains (www.domain.com and sitename.ugal.com). We use cookies for that, and since cookies cannot be shared between domains (for security reasons!), we had to implement tricks based on redirects between http and https pages to make it work.

Please contact us as quickly as possible in case you notice issues with our implementation.

To a more secure 2015 !

Create a website

Try UGAL for free for 30 days

No commitment, no credit card required

Newsletter subscription