Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[bioontology-support] HTTPS support for REST web services?

Ray Fergerson ray.fergerson at stanford.edu
Tue Jan 24 14:35:25 PST 2012


Matt,

What is the scenario in which you are getting this warning? Are you using
our widgets on your https page? Are you using your own widgets to call the
NCBO REST services from the browser directly?

Depending on your scenario it isn't clear that making the REST services
available by https will solve your problem. For example, our widgets go
through the front-end and do not make direct REST calls. Even if they did
call REST directly, as we currently distribute them, they make http calls
and would still not work. If it is your own widgets then it seems like you
can solve your problem by sending their calls through a proxy server that
calls us in the backend (hiding the insecure communication from IE).

We have discussed https support and decided not to do it, at least in the
near term. We aren't really a secure site and don't really have much call
to be. The overhead of setting up and maintaining this sort of security is
not huge but it is not negligible either and there would be no gain for
the vast majority of our users. Of course if a lot of people start
complaining about it then we may reconsider...

Ray

> -----Original Message-----
> From: bioontology-support-bounces at lists.stanford.edu
> [mailto:bioontology-support-bounces at lists.stanford.edu] On Behalf Of
> Matt Hughes
> Sent: Tuesday, January 24, 2012 8:28 AM
> To: bioontology-support at lists.stanford.edu
> Subject: [bioontology-support] HTTPS support for REST web services?
> 
> Is there any plan to support the REST services over https? It seems
> when we have web applications that communicate over https, and then as
> a result of some action hit other web services, if they aren't https,
> then IE puts up a pop-up asking if it's ok to include Mixed Content,
> which creates a bit of a headache for training, or IT configuration. Is
> seems based on my reading that the standard is really to just make sure
> all other services also be available over https, but I'm happy to be
> corrected if anybody disagrees with this assessment.
> 
> Thank you,
> 
> Matt Hughes
> _______________________________________________
> bioontology-support mailing list
> bioontology-support at lists.stanford.edu
> https://mailman.stanford.edu/mailman/listinfo/bioontology-support


More information about the bioontology-support mailing list