Why Daz, Why?
Griffonbait
Posts: 9
in The Commons
Why is the Daz Documentation Center not a secure site link?
URL: http://docs.daz3d.com/doku.php
I am in the install manager and click on an info button and it sends me to an insecure site, but still attached to Daz3d.com.
Daz 3D is part of 
Connect
DAZ Productions, Inc.
224 S 200 W, Suite #250
Salt Lake City, UT 84101
Licensing Agreement | Terms of Service | Privacy Policy | EULA
© 2024 Daz Productions Inc. All Rights Reserved.
Comments
sadly, can't even force it with https
And most of the documents aren't even showing. Just get a blurb about it being a place holder for an upcoming product, but it's showing the same for most products. Only a very few are actually showing the product information.
There is, or was, an issue with the stroe supplying the data that the read me code (they are geernated on the fly, not stored as static data) uses to determine if the product is live and can have its readme viewed.
missing readme's still is an issue. Quite a lot of new products are completely lacking their readmes on release day. Not to talk about older ones.
So if products are not including readme's, does that mean everyone is making their own textures for their products or making the props they create textures for, cause it was my understanding you have to give credit, usually done in readme's when you use anything made by another creator.
The Missing readme files is a bug that has not yet been corrected rather than an actual change in policy
Daz readme files follow a template, so are all the same style
Yes in the main Daz PAs make their own textures or have a partner/co PA that does so as a team.
Obviously if you are making a texture set for props or clothing you do need to say what it is a texture set for, this would be included on the Store page as "Required Products" and also quite probably in the product name, as in "Texture for Blah Blah.
^Depends on the license for the thing of which it's a derivative.
Vendors use different things, including but not limited to: Substance Painter, Photoshop/Gimp self-created stuff, Own photos, Blender procedural textures, Other texture resource images, etc.
If they're doing a texture addon, the original model should be listed on the store page under 'required products' ... except that seems to be sometimes not showing up right at the moment.
Who says these forums are even secure? At least the store is secure...
If you get the placeholder page, refreshing the page one or more times usually makes the correct page load.
The forums are marked as insecure because there is content that people have linked (through their signatures and the like) that is http instead of https, the other option to this is not allowing embedded remote content, which might be a good idea from a privacy perspective so we'll have to look into that someday.
It would be much better if each product has a readme in the product itself as other stores have.
Thanks for that bit of info, it makes me feel a lot better then, as that's much better than having vulnerabilities in the code!
I think a better question is "why do you think it needs to be?". Because the only thing we're talking about here is encryption: making sure the data between the webserver and your computer gets encrypted to avoid others from spying. But since this is public documentation we're talking about there's nothing to protect. Adding encryption won't change anything, all it does is making things a lot more harder for Daz then they need to be.
This whole "https is better than http" is a load of nonsense because it doesn't make things more secure at all, all it does is prevent possible 3rd party spies.
In fact, but I realize I might take things a bit too far here, this whole https fascination is actually a main reason why we're running out of IPv4 addresses! See: a webserver can easily host multiple websites using 1 single IP addresss, it does this through "name based verification". So: the webserver gets a request for a website, recognizes the name and then serves the right site. Adding encryption (so: using https) makes this impossibe. After all: first you need to establish an encrypted connection before you can sent data across. As a result every "https website" has to be hosted using a dedicated IP address. You know... the main thing we've been running short of multiple times?
Worst part of it all, as mentioned above, is that https doesn't make things more secure at all.
So yah, IMO it's a good thing that https isn't used. This makes the site more responsive and you'll also be able to access the information using older browsers.
Dedicated IP per site? You are a little outdated in how HTTPS and SSL Certificates work. Virtualhost and SSL have been working side by side for a long time. Not only you don't need a new IP in a shared host, you don't need a new certificate for subdomains even if the sites are hosted in different hosts. You can get wildcard certificates.
Also in terms of compatibility, is more what you loose by not having HTTPS properly setup, than what you may gain for allowing systems so old that reached EOL many years ago.
Hardly. I'm well aware of the newer standards but those aren't as commonly used as you seem to think. And for good reasons because any kind of "input" on the client side can be a potential risk for the serverside. A good security policy isn't about immediately using the latest and "greatest".
The browser's mark "secure" or "not secure" is not about the code at all. It's about SSL Sertificate, which is not about site's code too. Only sites with user registration requires SSL sertificates (online shops, online bank accounts etc), so browser can send user's data (login, password, credit cart info etc.) to server via secure protocol (HTTPS). Other sites (such as Daz Documentation Center or news sites) are not requres secure connection at all. They are not collect any user's info.