secure and encrypt network traffic between the client and Diigo servers
All client-side applications of Diigo should secure — and ideally encrypt — all traffic between the client and Diigo servers.
This is most important when bookmarking or annotating content that is wholly or partly secured (i.e. https) or non-public.
I'll not categorise this topic; the suggestion applies to all Diigo products and services.
When LOGGING IN why isn't an SSL (secure connection [https]) used instead of a NON encrypted http ?
Current Diigolet uses http to connect to the Diigo website which causes some browsers to reload the current page if it's using https. Pretty annoying plus insecure. Easy fix is manually editing the Diigolet script, would be nice if Diigo made this the default.
A lot of the times I am travelling and I know it is a somewhat simple matter for people to take my cookie and connect to the site, seeing all my notes! Please google firesheep extension for firefox.
Firesheep is an extension developed by Eric Butler for the Firefox web browser. The extension uses a packet sniffer to intercept unencrypted cookies from certain websites (such as Facebook and Twitter) as the cookies are transmitted over networks, exploiting session hijacking vulnerabilities. It shows the discovered identities on a sidebar displayed in the browser, and allows the user to instantly take on the log-in credentials of the user by double-clicking on the victim's name.
The extension was created as a demonstration of the security risk to users of web sites that only encrypt the login process and not the cookie(s) created during the login process
It will be finished in one month.
very nice thanx for sharing
Great. This was far and away the most important feature to me. Folks that don't think it's important either don't get it or do not use it at work. If you do, think about it...
It is done.
benny parker commented
I don't have information about it.
It will be released in a few days.
Dan Dascalescu commented
Well, a month has passed, has this been implemented?
Thomas Woodard commented
This is the most annoying issue I have with the Diigolet, it doesn't work if you want to bookmark a https page. With the increasing trend of sites enabling https by default it means less and less sites I can bookmark with the Diigolet.
If I change the code of the diigolet to:
it starts running on https pages, but then stops and reports "Loading Diigolet..." forever. All you have to do is switch from "http://" to "//" in your scripts.
enable DIIGO WEBSLIDES on PASSWORDPROTECTED sites !!!
John Chapman commented
Please make sure this is also implemented on mobile app/APIs.
D Mc commented
Thank you so much! I look forward to the next version. Again, I really, really enjoy this service (and your responsiveness) very much. You guys are great!
We will support HTTPS between the plug-ins, clients, apps and the web site in the next version.
D Mc commented
This isn't just about content privacy but also about keeping account log-ins secure. If someone were to snoop a user's network, the captured packets could be used to replay the web session or sniff out password information. This isn't just a problem with home networks-- hackers in the workplace can do this sort of thing, too. Sometimes admins abuse their privileges and use their networking knowledge for unethical reasons. I really want to see HTTPS between the plug-ins, clients, apps and the web site. I really love this service and I'm becoming quite dependent on it. I would want to see this feature added before anything else.
This REALLY needs to happen. There are those of us that use diigo through VPN, workplace proxies, etc. To me, my personal content at diigo is important enough to protect with a "strong" password. TLS/SSL needs to happen for diigo. Plenty of folks would like to get this information that you hold--and that I pay for you to hold.
tesa enigma commented
App is useless until HTTPS is available while on your 'diigo" page. To put so much time into configuring it only to learn that it's not an encrypted site is frustrating. Should of just skipped this service I think.
tesa enigma commented
I agree, this needs to be standard. Using this service for anything other than leisure research would be out of the question. I waste so much time trying to configure this stuff only to find out I'm not even on an HTTPS page when I'm logged into my diigo page. Useless now. Wake me up when you guys implement this feature, thanks.
Philip Freeman commented
Any update on the plans for this?
Raman Singh commented
really want this feature.
Fuzbolero . commented
yes, would appreciate a time frame on this one.
when will this be available? will start premium once you have https like evernote has
Mike Donovan commented
Crucial. I can't upload/download/bookmark, etc. data that's not secured by an SSL certificate (https). If necessary, it can be a premium feature, but right now - Diigo is a no-go until there's a secure connection. Thanks!