http and https

Discussion in 'HTML' started by Luigi Donatello Asero, Dec 22, 2004.

  1. I am going to have a https protocol in a short time.
    Now the question is:
    do you think that it would be better to have the same pages both in http and
    https?
    Or redirect all the pages into https?
    Which are the main advantages and disadvantage of the 2 options in your
    opinion?

    --
    Luigi ( un italiano che vive in Svezia)
    http://www.scaiecat-spa-gigi.com/de/schuhe-artikel-1168.html
     
    Luigi Donatello Asero, Dec 22, 2004
    #1
    1. Advertising

  2. Luigi Donatello Asero

    Steve Pugh Guest

    On Wed, 22 Dec 2004 18:23:01 GMT, "Luigi Donatello Asero"
    <> wrote:

    >do you think that it would be better to have the same pages both in http and
    >https?


    No.

    >Or redirect all the pages into https?


    Not unless all your traffic contains sensitive data.

    Have transactions that will contains secure data use https and
    transactions that won't use http.

    >Which are the main advantages and disadvantage of the 2 options in your
    >opinion?


    https: secure.
    http: cacheable, faster.

    Steve
     
    Steve Pugh, Dec 22, 2004
    #2
    1. Advertising

  3. "Steve Pugh" <> skrev i meddelandet
    news:...
    > On Wed, 22 Dec 2004 18:23:01 GMT, "Luigi Donatello Asero"
    > <> wrote:
    >
    > >do you think that it would be better to have the same pages both in http

    and
    > >https?

    >
    > No.
    >
    > >Or redirect all the pages into https?

    >
    > Not unless all your traffic contains sensitive data.
    >
    > Have transactions that will contains secure data use https and
    > transactions that won't use http.
    >
    > >Which are the main advantages and disadvantage of the 2 options in your
    > >opinion?

    >
    > https: secure.
    > http: cacheable, faster.


    Do you mean that https pages are not indexed by search engines?
    --
    Luigi ( un italiano che vive in Svezia)
    http://www.scaiecat-spa-gigi.com/de/schuhe-artikel-1168.html
     
    Luigi Donatello Asero, Dec 22, 2004
    #3
  4. Luigi Donatello Asero

    Steve Pugh Guest

    "Luigi Donatello Asero" <> wrote:
    >"Steve Pugh" <> skrev i meddelandet
    >news:...
    >> "Luigi Donatello Asero" <> wrote:
    >>
    >> >Which are the main advantages and disadvantage of the 2 options in your
    >> >opinion?

    >>
    >> https: secure.
    >> http: cacheable, faster.

    >
    >Do you mean that https pages are not indexed by search engines?


    No I don't mean that. I meant what I said, nothing more.

    https pages are indexed by search engines (Google for https and look
    at the URL of the third result).

    Steve
     
    Steve Pugh, Dec 22, 2004
    #4
  5. Luigi Donatello Asero

    Guest

    >> do you think that it would be better to have the same pages both in
    http and https?

    No. Why do you want to do that ?

    Only put the area of the site that has the senstive data behind the
    ssl. Every time you huit a page under the ssl the server has to encrypt
    and decrypt your pages which affects your client's speed considerably.
    Not to mention people that have that "You're going to a secure page"
    pop up box enabled.

    Only apply it where necessary - like the registraiotn pages, or credit
    submission, etc.

    There is no need to duplicate the pages if for some reason you *must*
    have the enitre site behind ssl - but I can't imagine why you'd want
    this.

    If you mention what you're trying to accomplish we may be able to help
    more.
     
    , Dec 22, 2004
    #5
  6. Luigi Donatello Asero

    Dylan Parry Guest

    Luigi Donatello Asero wrote:

    > do you think that it would be better to have the same pages both in
    > http and https? Or redirect all the pages into https?


    Neither. The only pages that you need to have in https are the ones that
    contain sensitive data such as credit card payment details etc. So I
    would just put these pages there as well as any images that are on those
    pages.

    --
    Dylan Parry
    http://webpageworkshop.co.uk -- FREE Web tutorials and references
     
    Dylan Parry, Dec 22, 2004
    #6
  7. <> skrev i meddelandet
    news:...
    > >> do you think that it would be better to have the same pages both in

    > http and https?
    >
    > No. Why do you want to do that ?
    >
    > Only put the area of the site that has the senstive data behind the
    > ssl. Every time you huit a page under the ssl the server has to encrypt
    > and decrypt your pages which affects your client's speed considerably.
    > Not to mention people that have that "You're going to a secure page"
    > pop up box enabled.
    >
    > Only apply it where necessary - like the registraiotn pages, or credit
    > submission, etc.
    >
    > There is no need to duplicate the pages if for some reason you *must*
    > have the enitre site behind ssl - but I can't imagine why you'd want
    > this.
    >
    > If you mention what you're trying to accomplish we may be able to help
    > more.


    How can I grant that photo which shows a certain product which is on a http
    page really comes from my website?
    If the customer has to make a choice, that means whether he or she buys it,
    even on the grounds of this photo, it should be on a safe page, shouldn´t
    it?
    But, in fact, many pages which I have on the website have photos, they are
    sometimes photos which show shoes, other times for example holidays lodgings
    which I show to offer my intermediation for rent to tourists.
    So, the question is whether all these photos must be regarded as a part of
    the offer and be placed on safe pages (https)

    --
    Luigi ( un italiano che vive in Svezia)
    http://www.scaiecat-spa-gigi.com/de/schuhe-artikel-1168.html
     
    Luigi Donatello Asero, Dec 22, 2004
    #7
  8. The other option would be not to consider the photos as part of the offer
    and may-be let customers print them and send me by snail-post to let me
    know which photo they refer to. I could answer their inquiry and confirm
    their order if I want to.
    In this case the customer would do the proposal to acquire and I would
    accept or reject it.
    It sounds as the second option is safer.
    --
    Luigi ( un italiano che vive in Svezia)
    http://www.scaiecat-spa-gigi.com/de/schuhe-artikel-1168.html
     
    Luigi Donatello Asero, Dec 22, 2004
    #8
  9. Luigi Donatello Asero

    Steve Pugh Guest

    "Luigi Donatello Asero" <> wrote:

    >How can I grant that photo which shows a certain product which is on a http
    >page really comes from my website?


    A user can check the photo's properties to see that it comes from your
    server.

    That has got nothing to do with https vs http.

    >If the customer has to make a choice, that means whether he or she buys it,
    >even on the grounds of this photo, it should be on a safe page, shouldn´t
    >it?


    No.

    >But, in fact, many pages which I have on the website have photos, they are
    >sometimes photos which show shoes, other times for example holidays lodgings
    >which I show to offer my intermediation for rent to tourists.


    Are you saying that you would refuse to buy from amazon because the
    cover pics for the books aren't on a secure server?

    >So, the question is whether all these photos must be regarded as a part of
    >the offer and be placed on safe pages (https)


    No. https has nothing to do with offering guarantee about the quality
    of information on a web site. It is solely concerened with securing
    the transfer of information between the browser and the server. It's a
    technical solution to the problem of possible interception of http
    requests, that's all.

    Steve
     
    Steve Pugh, Dec 22, 2004
    #9
  10. Luigi Donatello Asero

    Oli Filth Guest

    Luigi Donatello Asero wrote:
    > <> skrev i meddelandet
    > news:...
    >
    >>>>do you think that it would be better to have the same pages both in

    >>
    >>http and https?
    >>
    >>No. Why do you want to do that ?
    >>
    >>Only put the area of the site that has the senstive data behind the
    >>ssl. Every time you huit a page under the ssl the server has to encrypt
    >>and decrypt your pages which affects your client's speed considerably.
    >>Not to mention people that have that "You're going to a secure page"
    >>pop up box enabled.
    >>
    >>Only apply it where necessary - like the registraiotn pages, or credit
    >>submission, etc.
    >>
    >>There is no need to duplicate the pages if for some reason you *must*
    >>have the enitre site behind ssl - but I can't imagine why you'd want
    >>this.
    >>
    >>If you mention what you're trying to accomplish we may be able to help
    >>more.

    >
    >
    > How can I grant that photo which shows a certain product which is on a http
    > page really comes from my website?
    > If the customer has to make a choice, that means whether he or she buys it,
    > even on the grounds of this photo, it should be on a safe page, shouldn´t
    > it?
    > But, in fact, many pages which I have on the website have photos, they are
    > sometimes photos which show shoes, other times for example holidays lodgings
    > which I show to offer my intermediation for rent to tourists.
    > So, the question is whether all these photos must be regarded as a part of
    > the offer and be placed on safe pages (https)
    >


    That sounds like overkill to me. You're implying that a hacker (or
    wierdo) might, for some reason, intercept a transmission from your site
    to a user and replace an image (or the HTML link) of a holiday
    destination with a different one?

    Oli
     
    Oli Filth, Dec 22, 2004
    #10
  11. "Oli Filth" <> skrev i meddelandet
    news:cnmyd.1790$...
    > Luigi Donatello Asero wrote:
    > > <> skrev i meddelandet
    > > news:...
    > >
    > >>>>do you think that it would be better to have the same pages both in
    > >>
    > >>http and https?
    > >>
    > >>No. Why do you want to do that ?
    > >>
    > >>Only put the area of the site that has the senstive data behind the
    > >>ssl. Every time you huit a page under the ssl the server has to encrypt
    > >>and decrypt your pages which affects your client's speed considerably.
    > >>Not to mention people that have that "You're going to a secure page"
    > >>pop up box enabled.
    > >>
    > >>Only apply it where necessary - like the registraiotn pages, or credit
    > >>submission, etc.
    > >>
    > >>There is no need to duplicate the pages if for some reason you *must*
    > >>have the enitre site behind ssl - but I can't imagine why you'd want
    > >>this.
    > >>
    > >>If you mention what you're trying to accomplish we may be able to help
    > >>more.

    > >
    > >
    > > How can I grant that photo which shows a certain product which is on a

    http
    > > page really comes from my website?
    > > If the customer has to make a choice, that means whether he or she buys

    it,
    > > even on the grounds of this photo, it should be on a safe page,

    shouldn´t
    > > it?
    > > But, in fact, many pages which I have on the website have photos, they

    are
    > > sometimes photos which show shoes, other times for example holidays

    lodgings
    > > which I show to offer my intermediation for rent to tourists.
    > > So, the question is whether all these photos must be regarded as a part

    of
    > > the offer and be placed on safe pages (https)
    > >

    >
    > That sounds like overkill to me. You're implying that a hacker (or
    > wierdo) might, for some reason, intercept a transmission from your site
    > to a user and replace an image (or the HTML link) of a holiday
    > destination with a different one?
    >
    > Oli



    Yes


    --
    Luigi ( un italiano che vive in Svezia)
    http://www.scaiecat-spa-gigi.com/de/schuhe-artikel-1168.html
     
    Luigi Donatello Asero, Dec 22, 2004
    #11
  12. Luigi Donatello Asero

    Dylan Parry Guest

    Luigi Donatello Asero wrote:

    >>That sounds like overkill to me. You're implying that a hacker (or
    >>wierdo) might, for some reason, intercept a transmission from your site
    >>to a user and replace an image (or the HTML link) of a holiday
    >>destination with a different one?

    >
    > Yes


    Be realistic. Why the hell would anyone want to go to all the trouble of
    doing that?

    --
    Dylan Parry
    http://webpageworkshop.co.uk -- FREE Web tutorials and references
     
    Dylan Parry, Dec 22, 2004
    #12
  13. Luigi Donatello Asero

    Oli Filth Guest

    Luigi Donatello Asero wrote:
    > "Oli Filth" <> skrev i meddelandet
    > news:cnmyd.1790$...

    <snip>
    >>
    >>That sounds like overkill to me. You're implying that a hacker (or
    >>wierdo) might, for some reason, intercept a transmission from your site
    >>to a user and replace an image (or the HTML link) of a holiday
    >>destination with a different one?
    >>
    >>Oli

    >
    >
    >
    > Yes
    >
    >


    How often do you hear about that happening? 99.99999999% (don't quote me
    on that ;)) of the world's websites get along fine without needing to
    send their general images via SSL or some other secure method.

    SSL and HTTPS are designed to secure things like credit-card info,
    passwords, etc., not entire sites and big things like photos.

    Oli
     
    Oli Filth, Dec 22, 2004
    #13
  14. Luigi Donatello Asero

    rf Guest

    Luigi Donatello Asero wrote:
    > "Oli Filth" <> skrev i meddelandet
    > news:cnmyd.1790$...


    > > That sounds like overkill to me. You're implying that a hacker (or
    > > wierdo) might, for some reason, intercept a transmission from your site
    > > to a user and replace an image (or the HTML link) of a holiday
    > > destination with a different one?
    > >
    > > Oli


    > Yes


    Paranoia :)

    You had better lock up your server in a safe place away from any internet
    connection as well.

    It would be *far* easier to simply hack your server than it would be to
    change the traffic coming from it to point to a different image.

    --
    Cheers
    Richard.
     
    rf, Dec 22, 2004
    #14
  15. "Dylan Parry" <> skrev i meddelandet
    news:...
    > Luigi Donatello Asero wrote:
    >
    > >>That sounds like overkill to me. You're implying that a hacker (or
    > >>wierdo) might, for some reason, intercept a transmission from your site
    > >>to a user and replace an image (or the HTML link) of a holiday
    > >>destination with a different one?

    > >
    > > Yes

    >
    > Be realistic. Why the hell would anyone want to go to all the trouble of
    > doing that?


    Did you have a look at http://ebusinesslex.net ?
    There are many things to think about when you offer e-commerce as much as it
    regards liability.
    There is no large procentage of customers buying on internet in the European
    Union, yet.
    On this subject, mistrust seems to be a key-word concerning e-commerce.
    If we are interested to the development of e-commerce, we should do
    something to make it safer and that is what I am trying to do.

    --
    Luigi ( un italiano che vive in Svezia)
    http://www.scaiecat-spa-gigi.com/de/schuhe-artikel-1168.html



    I
     
    Luigi Donatello Asero, Dec 22, 2004
    #15
  16. Luigi Donatello Asero

    Dylan Parry Guest

    Luigi Donatello Asero wrote:

    > Did you have a look at http://ebusinesslex.net ?


    Yes, thank you.

    > There are many things to think about when you offer e-commerce as much as it
    > regards liability.


    Such as causing download delays and possibly an alert message about
    secure pages?

    > There is no large procentage of customers buying on internet in the European
    > Union, yet.


    And causing download delays and possibly an alert message about secure
    pages will solve this?

    > On this subject, mistrust seems to be a key-word concerning e-commerce.
    > If we are interested to the development of e-commerce, we should do


    Oh I see, so causing download delays and possibly an alert message about
    secure pages is the obvious solution.

    --
    Dylan Parry
    http://webpageworkshop.co.uk -- FREE Web tutorials and references
     
    Dylan Parry, Dec 23, 2004
    #16
  17. "Dylan Parry" <> skrev i meddelandet
    news:...
    > Luigi Donatello Asero wrote:
    >
    > > Did you have a look at http://ebusinesslex.net ?

    >
    > Yes, thank you.
    >
    > > There are many things to think about when you offer e-commerce as much

    as it
    > > regards liability.

    >
    > Such as causing download delays and possibly an alert message about
    > secure pages?
    >
    > > There is no large procentage of customers buying on internet in the

    European
    > > Union, yet.

    >
    > And causing download delays and possibly an alert message about secure
    > pages will solve this?
    >
    > > On this subject, mistrust seems to be a key-word concerning e-commerce.
    > > If we are interested to the development of e-commerce, we should do

    >
    > Oh I see, so causing download delays and possibly an alert message about
    > secure pages is the obvious solution.


    May-be that it would be useful if you should read the contents of the site
    http://ebusinesslex.net after having a look.

    --
    Luigi ( un italiano che vive in Svezia)
    http://www.scaiecat-spa-gigi.com/de/schuhe-artikel-1168.html
     
    Luigi Donatello Asero, Dec 23, 2004
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jerry III

    Re: Switching Between HTTP and HTTPS

    Jerry III, Oct 15, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    936
    Jerry III
    Oct 15, 2003
  2. Darren Clark

    asp.net and chaning betten http and https

    Darren Clark, Aug 20, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    611
    Patrice
    Aug 20, 2004
  3. Axel
    Replies:
    8
    Views:
    1,109
    Adrienne Boswell
    Apr 27, 2009
  4. jotto
    Replies:
    4
    Views:
    398
    jotto
    Oct 2, 2006
  5. Naveen Dhanuka
    Replies:
    1
    Views:
    288
Loading...

Share This Page