[luatex] Website protocol problem

Mon Apr 11 10:11:19 CEST 2022

Hi Taco,

Am 11.04.22 um 09:45 schrieb Taco Hoekwater:
> But I always though that those security warnings were a bit ridiculous
> for a static html website, so I have never been eager to change anything.

it's not *your* site that's protected by switching to https. It's the
reader who trusts you who is protected by that.

With only http used, some evil website can pose as your website (for
example by misusing DNS). That mal intending website can contain lots of
malicious code. If well done, and especially if your readers expect only
static html, they may not even notice that links followed do more than
they should.

Https makes the reader notice if the website that claims to be yours
isn't yours. That's the main thing https does – nothing more, nothing less.

Julius

PS: Yes, https does more. But that's what the browser's security warning
is about.