Please Share your Product Ideas with us!

All ideas are welcome. Just because the Idea doesn't make it into the product immediately does not make it a bad idea.

DSP default protocol from http to https

Hello,

I noticed on all project the default DSP applications run on IIS with the insecure http-protocol.

Nowadays https became the standard.
All browsers show a warning message in the address bar telling the website is insecure. This is not user-friendly and not advisable if you work with critical data.

I so recommend all new DSP installations to run the https-protocol by default.

  • Bert Willekens
  • Jul 28 2020
  • Unlikely to Implement
Stewardship Tier (SST) Framework / Framework
  • Feb 17, 2021

    Admin response

    http / https protocal used on specifc instances of teh Stewardship Tier is decided during the installation of the application.

  • Attach files
  • Jake Cohen commented
    July 31, 2020 14:35

    I disagree on this. In the last 5 years I don't know if we have 2 customers that are internet facing with DSP, which means the IT org has to take on the additional burden of putting an SSL certificate on the web server. This adds administrative overhead to IT as well as network packet overhead when data is only on their internal secured network. Corporate IT frequently takes other FW based approaches to mitigate bad actors inside their network vs. an SSL certificate. To add to this, come September 2020 all major browsers are flagging SSL certificates that are valid for more than 400 days as a risk and throwing an error to the end user, thus forcing all SSL certs to 400 days or less which means even more overhead on the corporate IT staff to manage the certificates.

    ×

    Attachments Open full size

Related ideas