This past summer, while Kitt Peak National Observatory was shut down for the COVID-19 pandemic, I took some online courses in web design. Web design is something I’ve learned largely on the job without any formal education, so even though I had been designing and editing web sites for several years, I decided to start with some fairly basic classes to improve my formal understanding of the process. One of the subjects covered was “hypertext transfer protocol.” This is basically the protocol computers use to speak to each other over the web. You’re probably most familiar with this from the “http” in front of web addresses in the address bar at the top of your browser. You’ve probably noticed that some of these addresses start with “https” instead of “http.” The “s” stands for “secure” and when it’s in the address, you should also see a lock icon in the bar.
Without getting into too many technical details, the way you secure the communication between your browser and the computer where a website lives is that the website’s computer has to have a piece of code called a Secure Sockets Layer (SSL) certificate or a Transport Layer Security (TLS) certificate. Without the certificate, the data transferred between the computers is just the code typed by the programmer, which can be viewed by a lurking third party. When the certificate is enabled, that communication stream is encrypted and can’t just be read by the third party. This is especially important when you’re using a form to send personal information across the web, and particularly when you’re sending something like a credit card number. When I started working on websites, secure certificates weren’t used and I haven’t tended to worry about them. On the Hadrosaur Productions websites, when I offered something for sale, I used a shopping cart from PayPal, which had all the necessary security in place. However, because of my recent classes, I learned that I could make a more secure web browsing experience for my customers.
This past week, the hosting for hadrosaur.com and talesofthetalisman.com both came up for renewal, which prompted me to check on the state of the security certificates offered by our web host. I discovered the hosting service does, indeed, provide them. So, I’ve been tinkering with links throughout the sites I manage, including this blog, my personal website, and those two websites to make sure links were summoned using the https protocol. As you can see in the image above, hadrosaur.com now displays the lock icon in the address bar.
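The link clean-up described above can be checked with a short script. This is an added example, not code from the original post: it lists every URL in a page that still uses plain http, separating resources the browser loads (mixed content) from ordinary links and form targets. The names `audit`, `InsecureLinkAudit` and the example.com sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose src attribute makes the browser fetch a subresource.
LOADS = {"img", "script", "iframe", "audio", "video", "source", "embed"}

class InsecureLinkAudit(HTMLParser):
    """Collect every URL in a page that still uses plain http://."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []  # (kind, tag, url, is_own_host)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            kind, url = "link", attrs.get("href")
        elif tag == "form":
            kind, url = "form", attrs.get("action")
        elif tag == "link":
            rel = (attrs.get("rel") or "").lower().split()
            kind = "mixed-content" if "stylesheet" in rel else "link"
            url = attrs.get("href")
        elif tag in LOADS:
            kind, url = "mixed-content", attrs.get("src")
        else:
            return
        url = (url or "").strip()
        parts = urlsplit(url)
        if parts.scheme != "http":
            return  # https, relative, //host/path and mailto: are left alone
        # Own-host URLs can be rewritten to https directly; third-party
        # ones first need a check that the other site serves https at all.
        own = (parts.hostname or "").lower() in self.own_hosts
        self.findings.append((kind, tag, url, own))

def audit(html, own_hosts):
    parser = InsecureLinkAudit(own_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; example.com stands in for the audited site.
SAMPLE = """<link rel="stylesheet" href="http://example.com/style.css">
<a href="http://example.com/books.html">Books</a>
<a href="https://example.com/about.html">About</a>
<img src="http://cdn.example.net/cover.jpg">
<form action="http://example.com/signup" method="post"></form>
<script src="//example.com/cart.js"></script>"""
print(*audit(SAMPLE, {"example.com"}), sep="\n")
```

The "mixed-content" entries are the ones that stop the lock icon from appearing on an otherwise https page, and the "form" entry is the case where visitor data would be submitted unencrypted.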
We have some exciting products coming to hadrosaur.com later this year, including the new edition of my novel Children of the Old Stars, a new edition of Hybrid by Greg Ballan, and the comic Guinevere and the Stranger adapted from my Scarlet Order Vampire series. Although Tales of the Talisman Magazine remains on hiatus, many back issues are still available at talesofthetalisman.com and they all have great stories. The changes to the sites are mostly invisible to the casual browser, and while shopping there has always been secure through the PayPal shopping cart structure, my goal has been to add another layer of security and trust to your shopping experience through our sites.
I’m going to take this blog post as an opportunity to get free information, heh heh.
I’ve wondered why a page can be both secured and not, depending on how you get there.
For example, if someone goes to blog.loveshade.org, the connection is http, not https. If they go to loveshade.org/blog, which goes to the same page, the connection is https.
Do you know why?
As I understand it, the difference is that https:// sends the instruction to use encryption when it’s available. So, if your site has a security certificate (which WordPress blogs do), then the data will be encrypted at the site, sent to your browser which will decrypt it for display. You know the secure connection was established because of the lock icon (or whatever your browser uses) in the address bar. This way, a third party can’t see what’s going on between the two browsers.
However, http:// effectively says, “it’s okay to use plain English when transmitting this data.” For most articles, it doesn’t make much difference; the information is public and can be read by anyone who visits the site. It matters more with form data, where there’s a chance the person sending something might send confidential information, including an address or an email address for a newsletter sign-up.