tags:

views:

144

answers:

2
Q: 

Does an HTTPS SharePoint Site Need to Use HTTPS-Compliant Web Parts?

We are planning to create a new sub-site within our company's intranet site, which is built on SharePoint 2007. We want to add a 3rd-party weather web part (which is just a widget to display the local weather forecast) to the home page of the new intranet site.

Since the intranet site uses HTTPS, do we need to find an HTTPS-compliant web part? I'm guessing that if we use a non-HTTPS web part, then users will get some sort of "This page contains both secure and non-secure items" error message when they load the page.

Edit:

I found this post on SF: http://serverfault.com/questions/91159/sharepoint-moss-serve-http-content-on-an-https-page-without-mixed-content-warni, which suggests that the most secure option would be to find a 3rd-party weather web part that uses HTTPS (or create one ourselves). Your thoughts?

A: 

There is no need. If your intranet runs in a secure channel accessing external sources, just make sure it is allowed to do (at the firewall / proxy level).

F.Aquino  2010-05-27 14:57:19
Would this essentially weaken security for the entire intranet site? I wonder if IT admins would be reluctant to do this?
bporter  2010-05-27 18:07:32
Eh? The weather widget type stuff makes the http request from the browser and that is where the "Mixed content" warning occurs so how would doing anything with a firewall help? Confused am I!
Ryan  2010-05-27 22:37:25
+1  A: 

If the weather is retrieved clientside from a non-https url you'll get an error yes. Providers of feed data should enable https too, did you try if that works? :)

There's a free weather webpart from Bamboo: http://store.bamboosolutions.com/pc-55-1-world-clock-and-weather-web-part.aspx

The upside is that it retrieves it's feed serverside so you won't have the client-script issue.

The downside is (if I remember well enough, it's been a while) that it attempts to retrieve the weather on every page hit, slowing down the page especially if the connectivity is not there for some reason.

I usually build my own RSS consumers.. with built in caching.

ArjanP  2010-05-30 03:53:34

related questions

Upgrading Sharepoint 3.0 to SQL 2005 Backend?
Webpart registration error in event log
Sharepoint COMException 0x81020037
Transactional Design Pattern
Deploying InfoPath forms to different SharePoint servers
Profiling/Optimizing (Sharepoint 2007) Web Parts
Retreiving the PC Name of a Client? (Windows Auth)
What's the best way to report errors from a SharePoint workflow?
How to get out parameters working in SharePoint workflows
Editing User Profile w/ Forms Authentication
WSS/MOSS Book
Creating a development environment for SharePoint.
Sharepoint Wikis
Have you used a wiki in your project or group?
Can I copy files to a Network Place from a script or the command line?
How do you deploy your SharePoint solutions?
SharePoint WSS 3.0 Integration with Mac OSX (either Safari or Firefox)
SharePoint - Connection String dialog box during FeatureActivated event
How can I improve the edit-compile-test loop when developing a SharePoint workflow?
Best ajax library for Sharepoint
Alternative Hostname for an IIS web site for internal access only
How to reference to multiple version assembly
MOSS SSP problem - Failed database logons from deleted SSP
Sharepoint: executing stsadm from a timer job + SHAREPOINT\System rights
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?