Time to move towards secure hosting

1
Official Construct Team Post
Ashley's avatar
Ashley
  • 27 Feb, 2015
  • 546 words
  • ~2-4 mins
  • 2,100 visits
  • 0 favourites

There is a general movement to secure the web. That means encouraging the use of secure sites - where the address starts with https: and are usually accompanied with a padlock or green security indicator in the browser UI. Correspondingly the use of insecure sites (http: with no security indicator) is being discouraged.

Browser vendors are doing a lot to push towards securing the web, especially in the light of pervasive monitoring. This includes:

The last one is particularly surprising: Google are talking about removing support for features like device motion/orientation, fullscreen, geolocation and getUserMedia (used by the User Media object in Construct 2 for webcam/mic input) unless they are used on a HTTPS site. For some features this seems questionable (why remove device motion/orientation?) and others pretty reasonable (sending geolocation data over HTTP basically broadcasts your location to everyone). It's not clear what is going to happen, but some features could end up deactivated when on HTTP.

Overall there are pretty good reasons to start moving your content to secure hosts today. It might be necessary in future to use the latest Javascript capabilities; it may be required for HTTP 2 support; insecure sites might end up being marked as suspicious; and features that your projects depend on could end up being removed if they stay on HTTP; and last but definitely not least it improves the security of your site! If you don't do it now, you may end up being caught out in future and have to fix this in a hurry, so it would be wise to sort it out in advance.

So: if your content is not already sent over HTTPS, investigate making it secure. The Scirra site probably isn't the best place to ask about this, since it's mostly to do with server configuration. However if you have a hosting company, ask them about their HTTPS support, or move to another host with HTTPS support. If you run your own server, look in to getting an SSL certificate and setting up secure hosting. As ever a few Google searches and perhaps asking on help sites like ServerFault.com will help you on your way.

Note that this only applies to web-hosted content - things like desktop and mobile apps are generally stored locally so don't need to worry about this. However if they deal with any other web-based content, it would be a good idea to make sure that is secure too. Also Construct 2's preview server runs on 'localhost' which browsers make an exception for and consider secure (even though it appears as http:) so there is nothing to worry about there.

The future of the web is likely to be HTTPS, and sticking to HTTP will probably have increasing disadvantages over time. So it's time to move to a secure host.

Subscribe

Get emailed when there are new posts!