[ZendTo] Re: Forcing all logins to HTTPS

[Julian Field]

SSL is actually almost no overhead whatsoever. Google recently did a load of research work into this and worked out the CPU overhead is actually less than 1%, making it not wor worrying about. This is why they have gone totally https, it costs almost nothing to do.

So please just leave the site working all https. I won't help you with all the wrangling and editing required to make only logins work https and everything http. It's not worth the bother. Sorry.

-- 
Jules

On 9 Sep 2011, at 11:40 AM, ROGERS Richard <Richard.Rogers at staffs.ac.uk> wrote:

> Hi –
>  
> Progressing now with getting this ready for launch… Now I’m looking at ensuring that usernames/passwords are passed through an HTTPS (SSL) connection (and then flicking back to HTTP for the actual file transfer stage, where SSL seems an unnecessary overhead).
>  
> This hasn’t been a problem for most pages (a simple Rewrite in the Apache config file has dealt with it), but I have hit a bit of an “edge case”, where if you click on Drop-off on the “home” page, you are returned to HTTP (I’m treating claim codes as “non-sensitive”), but then clicking the Login button on the top menu brings up the login dialog embedded in the verify.php page, without returning to HTTPS. As there seems to be a javascript catching the link and displaying this, I’m not sure how to get round this. Any suggestions (is there a “right way” to achieve what I’m looking for?)
>  
> Thanks and regards
>  
> Richard
>  
> --
> Richard Rogers
> Principal IT Officer, Client Technology and Applications
> Information Services, Staffordshire University
> Tel. 01785-353785
>  
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20110909/0de540c1/attachment.html