Jonathon Posted February 14, 2013

I've been thinking about having a site-wide SSL. I've read some things about it and just wanted to start a discussion.

http://security.stackexchange.com/questions/258/what-are-the-pros-and-cons-of-site-wide-ssl-https
http://security.stackexchange.com/questions/7790/guidance-for-implementors-of-https-only-sites-server-side

HartleySan Posted February 15, 2013

I more or less agree with the stance that Larry takes in the e-commerce book, and that is that you only need SSL for pages that require sending sensitive info such as login or payment info. For most regular pages, SSL seems unnecessary, but that's just me.

Edward Posted February 15, 2013

> I more or less agree with the stance that Larry takes in the e-commerce book, and that is that you only need SSL for pages that require sending sensitive info such as login or payment info. For most regular pages, SSL seems unnecessary, but that's just me.

I agree with you on this one.

Larry Posted February 15, 2013

It will hurt performance to use SSL on everything, but you should use SSL on slightly more than you have to, just to reassure the user. That being said, I've noticed a trend of more and more sites using SSL everywhere. Stripe does this, even for its home page and its docs pages. Now maybe they do that just to make it easier to follow logged-in users (because the user pages are SSL), but... Twitter also uses SSL for every page once you're logged in. I don't personally know the justification for this. Maybe they're doing it mostly because they can.

HartleySan Posted February 15, 2013

Maybe they do it because they have found that users subconsciously like the reassurance of that little green lock (or whatever icon) in the URL bar.

Edward Posted February 15, 2013

Twitter was just hacked, so they have to do it.

Jonathon (Author) Posted February 15, 2013

I always browse FB in HTTPS too. I found it interesting that Google said moving Gmail to pure SSL didn't harm performance much. However, their servers probably rock.

HartleySan Posted February 16, 2013

Yeah, when you have over a million servers running around the world, I guess SSL wouldn't hurt things much. Also, according to Twitter, the hack was a result of a recent well-documented Java vulnerability.