TOPIC:

Hello,

This support request is for Club #3853, Last Word Toastmasters at lastword.toastmastersclubs.org .

I am listed as the site owner for Google analytics and received an email from Google stating that visitors to the site would receive a warning when using the Google Chrome browser version 56 or later. This warning is due to the fact that username and password information is being collected via insecure (non-HTTPS) pages.

Text of a portion of the email from Google :

"To: owner of lastword.toastmastersclubs.org/

Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.

The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.

lastword.toastmastersclubs.org/"

Would it be possible to change the login form for the site admin and club members to forward to a secure page somewhere else on toastmastersclubs.org so that google wouldn't flag the page as nonsecure? I realize that secure certs cost money because they must be purchased from certificate authorities. That's why I suggest forwarding the login page to a single URL like secure.toastmastersclubs.org or something similar.

Thanks for your support,
Michael Lavery #3853

Thanks. Someone else has mentioned this also. This is an architectural issue that will require some creative thinking to address because of the nature of the system being a content management system that supports the use of custom domain names that we do not own or control. The security/HTTPS stuff is tied to a certificate that stored w/ DNS settings and on the server. For toastmastersclubs.org based domains, we would be using the same certificate. However, for custom domains, we would not have the certificate.

Right now, what I can tell you is that I am researching on the web to find an approach that will work for us. At this time, the only thing we could support are secure pages for the non-custom domain websites only, which is not really a complete solution.