Web Security & ADRP

After sending out the email with the summary of articles at our web site, a member noticed that when they go to https://theadrp.ca it shows as an insecure site. That had me scratching my head because I set it up to be a secure site and it always appears that way to me. However, when I make updates and/or other changes, I always use the web address https://theadrp.ca/wp … not on purpose … it just auto fills when I type.

Upside-down Directory

As I’m sure you know, computer files are stored in directories. And directories are hierarchical in nature; that is to say there are parent directories and child directories. At the top of the hierarchy is the main directory commonly referred to as the root. The choice of that term is somewhat confusing since we tend to think about a hierarchy as top-down. If it helps to visualize, the notion of the root, just turn the hierarchical tree upside down. By the way, don’t worry that the image of the upside-down directory tree is too small to read the directory names; I just wanted to give you the idea.

The files for our new web site are stored in a directory titled wp. I picked those letters as we are using a platform called WordPress. The advantage of using this platform is that we can have as many people as we wish with login credentials so they can write articles, multiple people to administer it from day-to-day, and it is easy to add new services. For example, adding the service to notify you when a new article is published is a lot easier that sending mass email messages. Once I finish and publish this article, you will get an email message automatically without any additional action on my part.

So back to the reason I write. It is easier to tell you to visit theadrp.ca than the full address of theadrp.ca/wp when sending out email, etc. What happens when you use the shorter version, your browser hits a file that automatically redirects you from the root and opens the website from the folder wp. During that redirect, for unknown reasons right now, it changes from https to http so my investigation will continue to sort this out.

The question you might be asking is why is this important. On any site where all you’re doing is view pages, it really doesn’t matter. You’re not storing any identifying or financial information; you’re just reading. On our ADRP site, most of the time you’re just reading. The notable exception is that we’ve asked you to register you email so you get notified of updates. That’s an example when you should be on a secure site. Clearly the risk from recording your name and email is not at the same level as logging into your bank or making a purchase with a credit card, but in the big scheme of things it is always wise to be safe than sorry.

Until I solve the problem with the redirect, you can bypass it and use our site in a secure way with the address https://theadrp.ca/wp … which I recommend.

All the best, Phil O’Hara

Leave a Reply

Your email address will not be published. Required fields are marked *