Re: ssl in portions of my site
From: karl [x y] (jamescagney90210@excite.com)
Date: 07/30/02
- Next message: karl [x y]: "Re: Help! Need to find broken links"
- Previous message: Consultant®: "Re: ssl in portions of my site"
- In reply to: jpreza: "ssl in portions of my site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "karl [x y]" <jamescagney90210@excite.com> Date: Tue, 30 Jul 2002 13:57:54 -0400
"jpreza" <jpreza1@hotmail.com> wrote in message
news:38c101c237de$f525ae70$3aef2ecf@TKMSFTNGXA09...
> Can I apply SSL on only a portion of a website? Instead
> of the entire site???
Be careful... if you accidentally remove anonymous logon and add basic
authentication or windows authentication to a file or folder, but forget to
use or require SSL for that folder, you could end up sending unencrypted
passwords across the internet in plain text over a regular http://
connection. For example, if you have an unencrypted http:// folder with an
.HTM or .ASP page that calls images from the \images\ folder somewhere else
on the web site, and the \images\ folder does not allow anonymous browsing,
then the password could be sent in plain text.
Also, some of your users may have their IE settings to give them a popup box
whenever the mode changes from HTTPS to HTTP and vice versa or if a page
contains some HTTP and some HTTPS elements. This popup box can get
annoying, although you could argue that it's their responsibility to get rid
of this, since this is a setting that you can't control. On the other hand,
using HTTPS only where it is needed can theoretically speed up the web
browsing experience and reduce the CPU load on the web server.
- Next message: karl [x y]: "Re: Help! Need to find broken links"
- Previous message: Consultant®: "Re: ssl in portions of my site"
- In reply to: jpreza: "ssl in portions of my site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
