Firefox V52
I have a 100% ZEN application combined with 100% ZENReports and am also using IFind which is part of the solution.
Our application is a cloud hosted solution where we lease a server which does not have a website, only Cache configured under IIS. Connectivity to our site is premised on a URL string such as u12345.usa-server.com/csp/namespace/Cache.cls
With the release of Firefox V52 this connection string is now seen as security threat as we have an application login page using two <password> controls. I spoke with the server provider who indicated I would need to obtain a domain website name and apply a security certificate to it to invoke https:// and eliminate this warning. I also have another server where we do have a website where we redirect from an html landing page and then uses java script functions to bridge to cache namespaces but there are no credentials required.
When I suggested this to the server support person, he indicated if I applied this approach the redirected page would be seen as security threat. I am not sure that is correct as I haven't tried it, and/or don't know if the web site https: certificate would apply to the cache and csp sites defined under IIS.
I am searching for a solution as I am taking a lot of backlash from my clients on this subject. Any proven thoughts or actual knowledge in solving this are appreciated.
Jim Regan
1. https certificate would apply to the cache and csp sites defined under IIS. It would apply to everyrhing really.
2. Not sure about html landing page being a security threat. That depends on your setup. Do you embed http parts in your (future) https pages?
I'd recommend as a first step to install let's encrypt certificate - it's free and easy.
Then force http->https redirect on your iis server.
After that check how your html landing page behaves.
I worked with ISC support on this today and we framed this out as a possible solution.
Hopefully this works