Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
991 views
in Technique[技术] by (71.8m points)

security - SSL on entire site or just part of it?

I have a site... let's call it mysite.com. On this site, there's the sign up section which I think should be the secure part of this site.

a) Should I enable ssl on the entire site, or just the sign up part (e.g. signup.mysite.com) b) What are the pros and cons of enabling it for the whole site?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

It depends on what your site serves. If the data it serves is sensitive, then providing a full SSL encrypted connection is a bonus.

But, as others have mentioned you will eat your bandwidth. SSL encrypted data, be it images, HTML pages or other information is not (supposed to be) cached on the client, so every time the user restarts the browser the files are downloaded again.

I would agree with Vinay, provide signon/signup over SSL and then fall back to normal HTTP, then see.

The other approach may be to provide all your static content over HTTP while all the sensitive content over HTTPS (e.g. if you use systems like ExtJS then the pages are static files and the data is all retrieved via AJAX).

Of course, if you're serving sensitive information (e.g. banking information) where the data itself is always sensitive then go full SSL and eat the costs.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...