Securing sensitive pages with https
January 19, 2015
UGAL was just updated with a security related update, and all requests for pages containing sensitive information are now secured with https.
Requests for sensitive pages on your custom domain name (eg http://www.domain.com/login) are now automatically redirected to their secure version hosted on a sub-domain of ugal.com (eg https://sitename.ugal.com/login).
Using https is important
When using a secure https connection, the information exchanged between web servers and web browsers is encrypted and cannot be decrypted by someone listening to the traffic between them.
For example, if you were to use http to login to a website from a public place, anyone in the same public place could easily "listen" to the traffic and grab your password that was sent in clear over http.
When using https, your password is encrypted by your web browser and can only be decrypted by the server that receives it. Anyone "listening" to traffic would then only be able to intercept the encrypted version of your password, which is of no use.
Securing sensitive pages only
Most of the pages on your website are made to be public, so serving them over http is not a security issue and only the following sensitive pages of your website are secured with https:
- Your website login page at https://sitename.ugal.com/login and the user account management pages at https://sitename.ugal.com/u.
- Your online shop checkout pages at http://sitename.ugal.com/shop/checkout.
- Your UGAL account management pages at http://sitename.ugal.com/a/account.
All the other pages of your website are served with standard http.
Contact us !
Please contact us as quickly as possible in case you notice issues with our implementation.
To a more secure 2015 !