No more security warning from IE

Ed note: This is the first technical post here on the BioGPS blog. As we encounter and solve more roadblocks in our BioGPS development process, we thought we’d share them with our users and other developers. Feel free to read or ignore, depending on your interest!

Up until now, we’ve forced the whole BioGPS website to be served through the “https” protocol. We were using an ajax-style login dialog, which meant we needed to use “https” for the whole application, in order to encrypt the user’s login credentials. This led to a side effect for our Internet Explorer users, who would often get interrupted by this “security warning” dialog. This happened when BioGPS was loaded securely (via “https”) but one or more plugins were loaded insecurely (via “http”). To make things worse, there was no obvious way to either disable it (but here is how if you want) or remember the Yes/No choice for subsequent plugin displays. It showed up every time.

To get rid of this annoyance, we now (since ver 0.9.9.3560) use the regular “http” protocol for the main application and only jump on the “https” protocol for account management tasks (e.g., user sign-up, login, changing password, etc.) The only change you should notice is that those security warnings no longer show up! We’ve set up Apache to handle the entire process for you and keep all your old bookmarks working.

This change also avoids the unneccessary encryption of the main application and boosts the performance on both server and client sides a bit. Of course, the minor drawback is that the dynamic “in-page” login dialog has been replaced by a full HTML page. After a successful login, we try our best to redirect you back to the state you were in before you clicked the “Login” link. If you would like to leave feedback on this change, you can post a comment here or on the BioGPS Google Group.


Leave a Reply

Your email address will not be published. Required fields are marked *