I note that the xp-dev.com website (delegated SVN space) offers a regular HTTP login page but this page then has link to a "secure login" which is a login page but under SSL.
I wonder what the point of defaulting to HTTP was when surely an SSL login page would be better anyway?
Is it a browser compatibility issue? Do any other websites do this?
-
Some broswer or script will not accept SSL, so unless SSL is really mandatory (it's mandatory when you will submit/access sensitive data CreditCard number, .. ) it's generally a good idea to keep an HTTP login page for people that can't use SSL.
In your case it's more likely that information on this site when your are logged is not very confidential (I mean it's not you bank account) so they choose to offer a default HTTP login page, this use less CPU on server (SSL use a lot of CPU) but they still allow HTTPS login for user wanting more security. (or think that their network can be sniffed)
Webnet : What browsers don't accept SSL?radius : Take a unix and build a webbroswer and don't link to openssl/gnutls and you get a broswer that don't support SSL. Take a quite old computer and you get a broswer supporting SSL but the SSL stack me be to old to work with some website... I agree that it's not commun but this existDougal : "it's generally a good idea to keep an HTTP login page for people that can't use SSL." but could you give me any examples of websites doing this? Why I ask the original Q is because I've never seen it anywhere else, only xp-dev.comFrom radius -
SSL is a big hit for sever performance compared with http, so I would guess that the webmaster is worried about scalability. The visitors who are concerned about high security can make the extra click to use the SSL login.
Dougal : Aha~, I would guess that scalability is pretty high on their concerns list. Interesting info, thanks.From rleir
0 comments:
Post a Comment