Rob Cluett


I know much like Google and Yahoo their are no plans to offer a freely available SSL version of your maps. I clearly understand why this won't be done. Processing load on the servers is probably the main reason. The other I assume would be centered around the profits of selling a secured version. However, this is an issue with IE that has plagued me for years. If one embedded js application makes use of something that is not HTTPS it throws this message and makes the user think their is something seriously wrong with using my application. Based on the message they 1) think I did a poor job of coding this 2) beleive that their information is going to be misused or snooped in some manner and 3) frustrate them with having to click ok each time. My users are turned off.

Why is it that it must be a yes/no prompt Wouldn't it have been a little friendlier to just turn the address bar a differenent color like you do with the phishing feature At least the users wouldn't feel like the application is going to self-destruct! It seems that this is a show stopper for me and others that have posted here.




Re: SSL & VE5 (Destroying Users Faith in My Application)

Earthware


Hi Rob

Just one point of caution, if you are using SSL I assume its some kind of login / private area with a known number of users If so are you aware you cannot use Virtual Earth for free in this kind of environment and it requires per user licensing from MS

Just thought Id mention just as if you are already paying you should get support from MS for this kind of issue

Brian Norman

www.earthware.co.uk






Re: SSL & VE5 (Destroying Users Faith in My Application)

Rob Cluett

Thanks for the heads up. This is a proof-of-concept application. I'd like to integrate it into an existing app and am taking VE through it's paces to be sure it's the right fit.






Re: SSL & VE5 (Destroying Users Faith in My Application)

SoulSolutions

Um, not sure that is accurate about the licensing.

http://www.microsoft.com/virtualearth/control/terms.mspx

My understanding is the use of the API for commerical and non-commercial all falls under the same restrictions.

That said if you plan on more then 3 million requests per month or need a SLA or access to MWS then a commercial agreement is the way to go.

For SSL the solution we have is to redirect the user after they login to a the HTTP using:

Code Snippet
<script type="text/javascript">
//Redirect to non-SSL
if (window.location.href.indexOf("https")==0)
{
window.location.replace(window.location.href.replace(/https/,"http"));
}
</script>

hope that helps.

John.






Re: SSL & VE5 (Destroying Users Faith in My Application)

Rob Cluett

Thanks John,

I'm a bit confused on what the above code is doing, it looks like you are redirecting the user to a version of the existing page that is not ssl secured You are effectively eliminating all encryption, no





Re: SSL & VE5 (Destroying Users Faith in My Application)

SoulSolutions

Spot on Rob!

In Mixed security mode where your accessing non SSL content, like the VE API and tiles, you will get the warning message I assume you are talking about.

VE does not support SSL and the best solution is to not use it. I would never claim that on mixed page that any part is secure.

If the data you are putting on the map has to to be secured I would:

a) Run that data within an intranet and restrict access.

b) Use Mappoint Web Service to generate static images supported under SSL.

The other option we have debated is whether you could setup a proxy service that supplied all the functionlaity of VE through SSL. This would require more thought.

John.