ne big change required a lot of the time and energy from library staffers this quarter (headed up by Ken Winter with support from VDOT IT) — though it was virtually invisible invisible to most library users. A significant amount of energy and time was spent planning and executing a migration of the library's systems (Web Site, LibGuides and LibAnswers FAQ) from the http protocol to the more secure "https" protocol.
What is HTTPS and why make the shift?
HTTPS is a more "secure" version of the HTTP protocol we use on the World Wide Web every day. In the past year there has been an increasing trend for most Web sites to encrypt using the more secure HTTPS protocol — even sites that don't process credit card transactions or transfer other private information. That move has been driving by browsers like Google Chrome, which began making all Web pages that load over HTTP (and contain form fields) as "Not Secure." Read more about it here.
Google has continued to raise the bar, and when joined by legislation from the European Union (EU) related to personal data the impact has been for a massive shift to a more secure Web across the globe. While many sites (like the VDOT Library) don't deal with credit card numbers or any kind of sensitive information, we knew if we didn't migrate to HTTPS our patrons would soon see troubling warning messages when they tried to use our site.
VDOT Network Issues
While our HTTPS migration was technically successful (for computers off the VDOT network) we discovered the McAfee Web Gateway software (used by IT to monitor VDOT network traffic) has cached library pages as HTTP and not HTTPS. Apparently, the new HTTPS protocol confused McAfee, causing error screens to appear when VDOT employees try to access any of the resources listed above from work.
The error screens displaying in Chrome and Internet Explorer are generic precautions to alert users of potential security concerns, and warn you not to proceed. However, in the case of library content those warnings are not valid. We've been told by IT that by next week some adjustments to McAfee will ensure those warning screens no longer appear.