Topic: What parts of a site should use SSL? Pages that link to <a href="https://ozoneasylum.com/backlink?for=23309" title="Pages that link to Topic: What parts of a site should use SSL?" rel="nofollow" >Topic: What parts of a site should use SSL?\

 
Author Thread
H][RO
Bipolar (III) Inmate

From: Australia
Insane since: Oct 2002

IP logged posted posted 09-15-2004 14:10 Edit Quote

Hi all, just wondering with SSL Certificates etc, what part of the site should actually use it. From what i (think) i know the SSL basically encrypts the data that the user sends from the client side to the server, keeping it from prying eyes.

So..
Im just wondering.
For a standard login, where people login to get to a "members" section and that sort of thing, does it need to use encryption?
I mean forums generally dont seem to use ssl, so i mnot sure if a member section would require it.

furthering that, for a shopping cart, where you actually select your products, does that need encryption? Obviously the part where you enter the personal data and CC info does need to be, but what is the advantage of putting the selecting products part of the site as secure.

Thanks all for the thoughts

DmS
Maniac (V) Inmate

From: Sthlm, Sweden
Insane since: Oct 2000

IP logged posted posted 09-15-2004 17:26 Edit Quote

Basically I'd make sure that pages that transmits and recieves personal data that you'd like to keep between the user and the server encrypted.

That would in a shoppingcart situation probaly apply to the checkout page and whatever follows in the process of that site.

in a normal members section of a site I wouldn't bother with ssl unless it was some sort of document sharing going on, for example a client-login to a project area sor something similar. Protecting a clients business data is at leas as important to them as CC info.

You should be aware that SSL slows down the pages and put an extra load on the server so if you run a high-traffic site you should be careful on what you encrypt and not.

I don't know how to do this myself, but I've seen a linux admin setup a dedicated server for a big portal where he configured it so all images came over normal http and the data went over https in order to minimize the load.
As I said, I don't know how to do that, but I guess you'd have to have a lot of control over the server to be able to set that up, also It would probably not be nessecarry in most situations we deal with as single or small business developers. But you never know

/Dan

{cell 260} {Blog}
-{ ?Computer games don?t affect kids; I mean if Pac-Man affected us as kids, we?d all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music.? (Kristian Wilson, Nintendo, Inc, 1989.) }-



Post Reply
 
Your User Name:
Your Password:
Login Options:
 
Your Text:
Loading...
Options:


« BackwardsOnwards »

Show Forum Drop Down Menu