Disadvantages to site-wide SSL?

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
User avatar
batfastad
Forum Contributor
Posts: 433
Joined: Tue Mar 30, 2004 4:24 am
Location: London, UK

Disadvantages to site-wide SSL?

Post by batfastad »

Hi everyone

Just a quick question. Are there any reasons why you wouldn't have your entire site defaulting to an SSL encrypted connection?

The one I can think of is if you're planning on pulling in remote images/scripts from a non-secure site. That would give you security errors.

But is there any performance reasons why I shouldn't?
A site I'm working on is an e-commerce subscription database and should all be self-contained.

Just wondered if there's any best-practice/performance issues which mean I should only use SSL when its needed to encrypt data between client and server

Cheers, B
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Disadvantages to site-wide SSL?

Post by onion2k »

The performance hit using SSL is actually quite high - on a site with a lot of traffic you'll really notice the difference. But on one that's not getting loads of visitors there's no good reason not to.
User avatar
batfastad
Forum Contributor
Posts: 433
Joined: Tue Mar 30, 2004 4:24 am
Location: London, UK

Re: Disadvantages to site-wide SSL?

Post by batfastad »

Yeah I have noticed that many large sites (ebay, amazon) only use SSL when needed... when user credentials are being transferred etc.

I reckon I'll go for it on the main ordering and all the login-protected pages. But the general info pages I won't bother.
Then monitor the account load to see how I go.

To be honest this site will be dealing with max 2,000 subscribers and it's unlikely they'll all be using the site at the same time!
Obviously we would love to have so many subscribers that this becomes a problem though!

Cheers, B
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Disadvantages to site-wide SSL?

Post by kaisellgren »

Eavesdropping is easy. Just find yourself a public WiFi and get started. Next you will see a bunch of session identifiers and plain-text password cookies on your screen. I just wish we could live in a world of no plain-text HTTP. By the way, SourceForge uses SSL all the way through their protected pages.
Post Reply