[ZendTo] Re: Forcing all logins to HTTPS

ROGERS Richard Richard.Rogers at staffs.ac.uk
Mon Sep 12 08:44:50 BST 2011


Fair enough! I hadn’t realised the overhead was so low.

Thanks and regards

Richard

From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Julian Field
Sent: 09 September 2011 20:09
To: ZendTo Users
Subject: [ZendTo] Re: Forcing all logins to HTTPS

SSL is actually almost no overhead whatsoever. Google recently did a load of research work into this and worked out the CPU overhead is actually less than 1%, making it not wor worrying about. This is why they have gone totally https, it costs almost nothing to do.

So please just leave the site working all https. I won't help you with all the wrangling and editing required to make only logins work https and everything http. It's not worth the bother. Sorry.

--
Jules

On 9 Sep 2011, at 11:40 AM, ROGERS Richard <Richard.Rogers at staffs.ac.uk<mailto:Richard.Rogers at staffs.ac.uk>> wrote:
Hi –

Progressing now with getting this ready for launch… Now I’m looking at ensuring that usernames/passwords are passed through an HTTPS (SSL) connection (and then flicking back to HTTP for the actual file transfer stage, where SSL seems an unnecessary overhead).

This hasn’t been a problem for most pages (a simple Rewrite in the Apache config file has dealt with it), but I have hit a bit of an “edge case”, where if you click on Drop-off on the “home” page, you are returned to HTTP (I’m treating claim codes as “non-sensitive”), but then clicking the Login button on the top menu brings up the login dialog embedded in the verify.php page, without returning to HTTPS. As there seems to be a javascript catching the link and displaying this, I’m not sure how to get round this. Any suggestions (is there a “right way” to achieve what I’m looking for?)

Thanks and regards

Richard

--
Richard Rogers
Principal IT Officer, Client Technology and Applications
Information Services, Staffordshire University
Tel. 01785-353785

_______________________________________________
ZendTo mailing list
ZendTo at zend.to<mailto:ZendTo at zend.to>
http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20110912/35acc982/attachment.html 


More information about the ZendTo mailing list