Tuesday, February 11th, 2014

LibraryThing adds SSL

https

LibraryThing has added SSL encryption to all pages that ask for private data.

That means the data you submit for signing in—signing up, changing your password, changing your email, etc.—is securely encrypted between you and LibraryThing. Depending on your browser, this will show up as a “lock” symbol, or just a change in the LibraryThing URL from http:// to https://.

Is LibraryThing going all-SSL?

We have decided on this as a first step, with the intention of going to all-SSL, or all-SSL for signed-in members only, as soon as practicable.

Going all-SSL is going to require considerable work, sifting through all the non-http URLs to avoid “mixed content” messages. Although these vary in their obtrusiveness browser-by-browser, going all-SSL without extensive testing is likely to lead to a lot more in confusion that it solves in potential problems.

As a result of this change, if you previously chose to browse LibraryThing using SSL, ignoring the warnings, you will no longer be able to do so. Rather, if you’re on one of the selected, user-data pages, it now forces you to use https. If you’re not on one of these pages, it forces you to use http.

At present, the solution covers LibraryThing.com and all its subdomains, like dk.LibraryThing.com (Danish), br.LibraryThing.com (Brazilian Portuguese). It is not installed on separate domains, like LibraryThing.de (Germany) and LibraryThing.nl (Holland). We will be weighing our options there, as SSL certificates are expensive.

Come discuss this on Talk, if you like.

Labels: new features, security, servers

3 Comments:

  1. Pua says:

    Even though I changed my email password, as you requested and even though I DO allow cookies, I can no longer access the website. PLEASE help.

    Pua
    Puamei@gmail.com

  2. Jean-Louis says:

    Hi Librarything,
    My password is no longer recognized.
    How can I log in and change it ?
    Thanks

    Jean-Louis

Leave a Reply