Meteotemplate Forum

Hey Jachym,

The SSL train has left the station, thanks to Google and Mozilla, and it isn't coming back. At some point we need to heed the push for better browser security and embrace the transition to https for all web activity.

The Meteotemplate forum login looks like it passes credentials in clear text, as best as I can tell. If this is so, it isn't the standard and make us security conscious users a bit uncomfortable.

Those of us that want to make our meteotemplate websites fully secure without mixed content cannot do so as long as you use a non-secure link to meteotemplate.com in the footer. Chrome and Firefox loudly remind our visitors of the insecure content, and the browser protests will only grow louder as they put more and more pressure on web sites to have fully secure content.

So Jachym, what to do say about upgrading meteotemplate.com to secure communications?

Hi,
this was planned at the end of last yr before releasing v17 (which is ready for this), but because of reasons I do not want to talk about here it did not happen and it is unfortunately very unlikely it will in the near future. Otherwise I am a big fan of https, for example the website I created for my company recently uses https and it was one of the priorities

I discovered Meteotemplate is not SSL friendly yesterday when i started to use Cloudflare. Cloudflare has the option to switch SSL on and off but when its on, Meteotemplate would not update any data.
I use my friend's server to host my website and he recommended using cloudflare for better security. I asked him do we really need SSL as there were no issues before when we didn't use it and he said having SSL off is like leaving you're car running with the keys in and the doors open. Asking for trouble in other words.
I know Jachym is just too busy to introduce it anytime soon but will it become a must have in the future is the question.

Hi,
just to clarify

1. Meteotemplate IS https compatible - many users do use https, it is just my website at metotemplate.com that isnt, but you can run Meteotemplate as https on your page without issues (except for a few blocks/plugins where the data source is htttp, but that cant be solved frou our side)

2. introducing it is not difficult an the problem was not time

3. on websites where you dont enter any information (i.e. no form fields etc.) https is just for "good feeling". Using your comparison, having http on a website where there is no secure data being sent is like leaving your non-functional or empty car with keys in the door. In other words, there is nothing to protect really. The only thing that is sent via this non-secure protocol is for example the year you choose in the stats - which Im sure you will agree is not a private information. Meteotemplate does not have any form fields that would send anyone´s name, email, ID etc. Thats where you really need https. It is unfortunate that the browsers dont take this into account and confuse users.