http and https

[Luigi Donatello Asero]

I am going to have a https protocol in a short time.
Now the question is:
do you think that it would be better to have the same pages both in http and
https?
Or redirect all the pages into https?
Which are the main advantages and disadvantage of the 2 options in your
opinion?

 

[Steve Pugh]

do you think that it would be better to have the same pages both in http and
https?
No.

Or redirect all the pages into https?

Not unless all your traffic contains sensitive data.

Have transactions that will contains secure data use https and
transactions that won't use http.

Which are the main advantages and disadvantage of the 2 options in your
opinion?

https: secure.
http: cacheable, faster.

Steve

 

[Luigi Donatello Asero]

Not unless all your traffic contains sensitive data.

Have transactions that will contains secure data use https and
transactions that won't use http.


https: secure.
http: cacheable, faster.

Do you mean that https pages are not indexed by search engines?

 

[Steve Pugh]

Do you mean that https pages are not indexed by search engines?

No I don't mean that. I meant what I said, nothing more.

https pages are indexed by search engines (Google for https and look
at the URL of the third result).

Steve

 

[david.hunter]

do you think that it would be better to have the same pages both in
http and https?

No. Why do you want to do that ?

Only put the area of the site that has the senstive data behind the
ssl. Every time you huit a page under the ssl the server has to encrypt
and decrypt your pages which affects your client's speed considerably.
Not to mention people that have that "You're going to a secure page"
pop up box enabled.

Only apply it where necessary - like the registraiotn pages, or credit
submission, etc.

There is no need to duplicate the pages if for some reason you *must*
have the enitre site behind ssl - but I can't imagine why you'd want
this.

If you mention what you're trying to accomplish we may be able to help
more.

 

[Dylan Parry]

do you think that it would be better to have the same pages both in
http and https? Or redirect all the pages into https?

Neither. The only pages that you need to have in https are the ones that
contain sensitive data such as credit card payment details etc. So I
would just put these pages there as well as any images that are on those
pages.

 

[Luigi Donatello Asero]

http and https?

No. Why do you want to do that ?

Only put the area of the site that has the senstive data behind the
ssl. Every time you huit a page under the ssl the server has to encrypt
and decrypt your pages which affects your client's speed considerably.
Not to mention people that have that "You're going to a secure page"
pop up box enabled.

Only apply it where necessary - like the registraiotn pages, or credit
submission, etc.

There is no need to duplicate the pages if for some reason you *must*
have the enitre site behind ssl - but I can't imagine why you'd want
this.

If you mention what you're trying to accomplish we may be able to help
more.

How can I grant that photo which shows a certain product which is on a http
page really comes from my website?
If the customer has to make a choice, that means whether he or she buys it,
even on the grounds of this photo, it should be on a safe page, shouldn´t
it?
But, in fact, many pages which I have on the website have photos, they are
sometimes photos which show shoes, other times for example holidays lodgings
which I show to offer my intermediation for rent to tourists.
So, the question is whether all these photos must be regarded as a part of
the offer and be placed on safe pages (https)

 

[Luigi Donatello Asero]

The other option would be not to consider the photos as part of the offer
and may-be let customers print them and send me by snail-post to let me
know which photo they refer to. I could answer their inquiry and confirm
their order if I want to.
In this case the customer would do the proposal to acquire and I would
accept or reject it.
It sounds as the second option is safer.

 

[Steve Pugh]

How can I grant that photo which shows a certain product which is on a http
page really comes from my website?

A user can check the photo's properties to see that it comes from your
server.

That has got nothing to do with https vs http.

If the customer has to make a choice, that means whether he or she buys it,
even on the grounds of this photo, it should be on a safe page, shouldn´t
it?
No.

But, in fact, many pages which I have on the website have photos, they are
sometimes photos which show shoes, other times for example holidays lodgings
which I show to offer my intermediation for rent to tourists.

Are you saying that you would refuse to buy from amazon because the
cover pics for the books aren't on a secure server?

So, the question is whether all these photos must be regarded as a part of
the offer and be placed on safe pages (https)

No. https has nothing to do with offering guarantee about the quality
of information on a web site. It is solely concerened with securing
the transfer of information between the browser and the server. It's a
technical solution to the problem of possible interception of http
requests, that's all.

Steve

 

[Oli Filth]

How can I grant that photo which shows a certain product which is on a http
page really comes from my website?
If the customer has to make a choice, that means whether he or she buys it,
even on the grounds of this photo, it should be on a safe page, shouldn´t
it?
But, in fact, many pages which I have on the website have photos, they are
sometimes photos which show shoes, other times for example holidays lodgings
which I show to offer my intermediation for rent to tourists.
So, the question is whether all these photos must be regarded as a part of
the offer and be placed on safe pages (https)

That sounds like overkill to me. You're implying that a hacker (or
wierdo) might, for some reason, intercept a transmission from your site
to a user and replace an image (or the HTML link) of a holiday
destination with a different one?

Oli

 

[Luigi Donatello Asero]

That sounds like overkill to me. You're implying that a hacker (or
wierdo) might, for some reason, intercept a transmission from your site
to a user and replace an image (or the HTML link) of a holiday
destination with a different one?

Oli

Yes

 

[Dylan Parry]

Yes

Be realistic. Why the hell would anyone want to go to all the trouble of
doing that?

 

[Oli Filth]

"Oli Filth" <[email protected]> skrev i meddelandet




Yes

How often do you hear about that happening? 99.99999999% (don't quote me
on that ) of the world's websites get along fine without needing to
send their general images via SSL or some other secure method.

SSL and HTTPS are designed to secure things like credit-card info,
passwords, etc., not entire sites and big things like photos.

Oli

 

[rf]

"Oli Filth" <[email protected]> skrev i meddelandet

Yes

Paranoia

You had better lock up your server in a safe place away from any internet
connection as well.

It would be *far* easier to simply hack your server than it would be to
change the traffic coming from it to point to a different image.

 

[Luigi Donatello Asero]

Be realistic. Why the hell would anyone want to go to all the trouble of
doing that?

Did you have a look at http://ebusinesslex.net ?
There are many things to think about when you offer e-commerce as much as it
regards liability.
There is no large procentage of customers buying on internet in the European
Union, yet.
On this subject, mistrust seems to be a key-word concerning e-commerce.
If we are interested to the development of e-commerce, we should do
something to make it safer and that is what I am trying to do.

--
Luigi ( un italiano che vive in Svezia)
http://www.scaiecat-spa-gigi.com/de/schuhe-artikel-1168.html



I

 

[Dylan Parry]

Did you have a look at http://ebusinesslex.net ?

Yes, thank you.

There are many things to think about when you offer e-commerce as much as it
regards liability.

Such as causing download delays and possibly an alert message about
secure pages?

There is no large procentage of customers buying on internet in the European
Union, yet.

And causing download delays and possibly an alert message about secure
pages will solve this?

On this subject, mistrust seems to be a key-word concerning e-commerce.
If we are interested to the development of e-commerce, we should do

Oh I see, so causing download delays and possibly an alert message about
secure pages is the obvious solution.

 

[Luigi Donatello Asero]

Yes, thank you.


Such as causing download delays and possibly an alert message about
secure pages?


And causing download delays and possibly an alert message about secure
pages will solve this?


Oh I see, so causing download delays and possibly an alert message about
secure pages is the obvious solution.

May-be that it would be useful if you should read the contents of the site
http://ebusinesslex.net after having a look.