Currently, all downloads from the Customer Portal come from a link that begins with "http://downloads.osisoft.com", which is unencrypted. Please make all downloads occur over HTTPS.
This is especially important when the user downloads server-side programs (i.e. most PI programs). If a man-in-the-middle attack is successful in swapping out the server-side program with a malicious one, then the malicious program can attack the server on which it is installed and then attack all of the server's clients.
A man-in-the-middle attack against the download of client-side programs can be almost as bad if users are not allowed to download the programs themselves and instead rely on a single person to download the programs and distribute them to everyone.
A man-in-the-middle attack could also swap out the download of documentation with the download of a modified version that contains malicious instructions. Documentation files are small, so the increase in overhead due to their encryption would be minimal.
Lastly, the lack of encryption is a privacy issue. For example, the download of older documentation could reveal that a company uses outdated software, which could then make them a target for a security breach.
This has been addressed. All downloads are now coming from HTTPS. Thank you.