cancel
Showing results for 
Search instead for 
Did you mean: 

(no) SSL Encreyption on some blog? -> Yellow Lock in Browser

joachimrees1
Active Contributor
0 Kudos
719

Usually SAP-Blogs have a nice green lock on them -> SSL encryption stuff, nice and secure, everything fine:

But today I saw one where there's a Yellow lock: https://blogs.sap.com/2015/02/24/uture-of-community-and-one-digital-experience/

-> something embedded that’s not so well encrypted, not so fine....

(Screenshots from Chrome)

Why is that? (Go technical, if you want!) And: Can/should that be fixed?

best

Joachim

Accepted Solutions (1)

Accepted Solutions (1)

joachimrees1
Active Contributor
0 Kudos

Well, it seems fine now! (I no more get a yellow lock for the blog I mentioned).

*accept*

Answers (1)

Answers (1)

former_member186338
Active Contributor

Looks like emoticons 🙂

"http://scn.sap.com/111/images/emoticons/grin.gif"

Not encrypted 🙂 No more secret emoticons...

joachimrees1
Active Contributor
0 Kudos

OK, understood. As far as I can tell those links are not working anyway, so they could as well be removed....

I'll raise an alert on that blog, pointing to this question....

jerryjanda
Community Manager
Community Manager
0 Kudos

I honestly don't know what to say about this one. Let me see what I can find out...

joachimrees1
Active Contributor

Thanks Jerry! Maybe to clarify: it doesn’t hurt me at all, to get that yellow lock. However, it gives a bad impression. ( -> it seems unsecure to the user and that's what the browser says as well).

Also: telling users something like "well, you will get that browser message saying "not secure" but that's ok/ignore it/ click it away!"* is an idea I don't like, as it educates people NOT to care for security, while what we(internet community / society) need is the opposite!

So it’s not a bug, but more of an image-problem (nice pun here!) 😉

*Sometimes I see this (not here, other places) when self-signed certificates or used.

best

Joachim

joachimrees1
Active Contributor
0 Kudos

Update: "A moderator did not agree to your alert for Future of Community and One Digital Experience (2 days ago)"

jerryjanda
Community Manager
Community Manager

Hi, Joachim:

We've opened as a prioritized bug. The explanation I got from IT: "Bottom line the reason is that images (smileys) of that post are loaded via http and not via https and therefore not the full content is https/ssl any more."

I could seek more details if you wish, but IT is working to resolve.

Best regards,

--Jerry

VeselinaPeykova
Active Contributor
0 Kudos

While the IT are looking into the issue, specific for blogs display - the same situation we have for tagged pages: https://www.sap.com/community/tag.html?id=209057551571413566377230676804921&tag=type:question

The reason is, that the links to the avatars of the forum members are also http.

jerryjanda
Community Manager
Community Manager
0 Kudos

Thanks, Veselina. I'll pass that along as well.

patelyogesh
Active Contributor
0 Kudos

I go to same page through

http://www.sap.com/community/topic/erp-sd/all-content.html

All looks OK?

VeselinaPeykova
Active Contributor
0 Kudos

This check is not performed with http, it is for https. But was it not stated at some point that the SAP Community is supposed to be be https-only?

jerryjanda
Community Manager
Community Manager
0 Kudos

Hi, Veselina:

Not just SAP Community -- the whole site is moving toward https enablement.

If you'd like more details, I can reach out to the team working on that. (It's outside of my team, as it's a much broader SAP.com initiative.)

--Jerry