«

I am going to have a https protocol in a short time.
Now the question is:
do you think that it would be better to have the same pages both in http and
https?
Or redirect all the pages into https?
Which are the main advantages and disadvantage of the 2 options in your
opinion?

--
Luigi ( un italiano che vive in Svezia)
http://www.scaiecat-spa-gigi.com/de/...ikel-1168.html

On Wed, 22 Dec 2004 18:23:01 GMT, "Luigi Donatello Asero"
<> wrote:

>do you think that it would be better to have the same pages both in http and
>https?

No.

>Or redirect all the pages into https?

Not unless all your traffic contains sensitive data.

Have transactions that will contains secure data use https and
transactions that won't use http.

>Which are the main advantages and disadvantage of the 2 options in your
>opinion?

https: secure.
http: cacheable, faster.

Steve

"Steve Pugh" <> skrev i meddelandet
news:...
> On Wed, 22 Dec 2004 18:23:01 GMT, "Luigi Donatello Asero"
> <> wrote:
>
> >do you think that it would be better to have the same pages both in http
and
> >https?
>
> No.
>
> >Or redirect all the pages into https?
>
> Not unless all your traffic contains sensitive data.
>
> Have transactions that will contains secure data use https and
> transactions that won't use http.
>
> >Which are the main advantages and disadvantage of the 2 options in your
> >opinion?
>
> https: secure.
> http: cacheable, faster.

Do you mean that https pages are not indexed by search engines?
--
Luigi ( un italiano che vive in Svezia)
http://www.scaiecat-spa-gigi.com/de/...ikel-1168.html

"Luigi Donatello Asero" <> wrote:
>"Steve Pugh" <> skrev i meddelandet
>news:.. .
>> "Luigi Donatello Asero" <> wrote:
>>
>> >Which are the main advantages and disadvantage of the 2 options in your
>> >opinion?
>>
>> https: secure.
>> http: cacheable, faster.
>
>Do you mean that https pages are not indexed by search engines?

No I don't mean that. I meant what I said, nothing more.

https pages are indexed by search engines (Google for https and look
at the URL of the third result).

Steve

>> do you think that it would be better to have the same pages both in
http and https?

No. Why do you want to do that ?

Only put the area of the site that has the senstive data behind the
ssl. Every time you huit a page under the ssl the server has to encrypt
and decrypt your pages which affects your client's speed considerably.
Not to mention people that have that "You're going to a secure page"
pop up box enabled.

Only apply it where necessary - like the registraiotn pages, or credit
submission, etc.

There is no need to duplicate the pages if for some reason you *must*
have the enitre site behind ssl - but I can't imagine why you'd want
this.

If you mention what you're trying to accomplish we may be able to help
more.

Luigi Donatello Asero wrote:

> do you think that it would be better to have the same pages both in
> http and https? Or redirect all the pages into https?

Neither. The only pages that you need to have in https are the ones that
contain sensitive data such as credit card payment details etc. So I
would just put these pages there as well as any images that are on those
pages.

--
Dylan Parry
http://webpageworkshop.co.uk -- FREE Web tutorials and references

<> skrev i meddelandet
news: ups.com...
> >> do you think that it would be better to have the same pages both in
> http and https?
>
> No. Why do you want to do that ?
>
> Only put the area of the site that has the senstive data behind the
> ssl. Every time you huit a page under the ssl the server has to encrypt
> and decrypt your pages which affects your client's speed considerably.
> Not to mention people that have that "You're going to a secure page"
> pop up box enabled.
>
> Only apply it where necessary - like the registraiotn pages, or credit
> submission, etc.
>
> There is no need to duplicate the pages if for some reason you *must*
> have the enitre site behind ssl - but I can't imagine why you'd want
> this.
>
> If you mention what you're trying to accomplish we may be able to help
> more.

How can I grant that photo which shows a certain product which is on a http
page really comes from my website?
If the customer has to make a choice, that means whether he or she buys it,
even on the grounds of this photo, it should be on a safe page, shouldn´t
it?
But, in fact, many pages which I have on the website have photos, they are
sometimes photos which show shoes, other times for example holidays lodgings
which I show to offer my intermediation for rent to tourists.
So, the question is whether all these photos must be regarded as a part of
the offer and be placed on safe pages (https)

--
Luigi ( un italiano che vive in Svezia)
http://www.scaiecat-spa-gigi.com/de/...ikel-1168.html

The other option would be not to consider the photos as part of the offer
and may-be let customers print them and send me by snail-post to let me
know which photo they refer to. I could answer their inquiry and confirm
their order if I want to.
In this case the customer would do the proposal to acquire and I would
accept or reject it.
It sounds as the second option is safer.
--
Luigi ( un italiano che vive in Svezia)
http://www.scaiecat-spa-gigi.com/de/...ikel-1168.html

"Luigi Donatello Asero" <> wrote:

>How can I grant that photo which shows a certain product which is on a http
>page really comes from my website?

A user can check the photo's properties to see that it comes from your
server.

That has got nothing to do with https vs http.

>If the customer has to make a choice, that means whether he or she buys it,
>even on the grounds of this photo, it should be on a safe page, shouldn´t
>it?

No.

>But, in fact, many pages which I have on the website have photos, they are
>sometimes photos which show shoes, other times for example holidays lodgings
>which I show to offer my intermediation for rent to tourists.

Are you saying that you would refuse to buy from amazon because the
cover pics for the books aren't on a secure server?

>So, the question is whether all these photos must be regarded as a part of
>the offer and be placed on safe pages (https)

No. https has nothing to do with offering guarantee about the quality
of information on a web site. It is solely concerened with securing
the transfer of information between the browser and the server. It's a
technical solution to the problem of possible interception of http
requests, that's all.

Steve

Luigi Donatello Asero wrote:
> <> skrev i meddelandet
> news: ups.com...
>
>>>>do you think that it would be better to have the same pages both in
>>
>>http and https?
>>
>>No. Why do you want to do that ?
>>
>>Only put the area of the site that has the senstive data behind the
>>ssl. Every time you huit a page under the ssl the server has to encrypt
>>and decrypt your pages which affects your client's speed considerably.
>>Not to mention people that have that "You're going to a secure page"
>>pop up box enabled.
>>
>>Only apply it where necessary - like the registraiotn pages, or credit
>>submission, etc.
>>
>>There is no need to duplicate the pages if for some reason you *must*
>>have the enitre site behind ssl - but I can't imagine why you'd want
>>this.
>>
>>If you mention what you're trying to accomplish we may be able to help
>>more.
>
>
> How can I grant that photo which shows a certain product which is on a http
> page really comes from my website?
> If the customer has to make a choice, that means whether he or she buys it,
> even on the grounds of this photo, it should be on a safe page, shouldn´t
> it?
> But, in fact, many pages which I have on the website have photos, they are
> sometimes photos which show shoes, other times for example holidays lodgings
> which I show to offer my intermediation for rent to tourists.
> So, the question is whether all these photos must be regarded as a part of
> the offer and be placed on safe pages (https)
>

That sounds like overkill to me. You're implying that a hacker (or
wierdo) might, for some reason, intercept a transmission from your site
to a user and replace an image (or the HTML link) of a holiday
destination with a different one?

Oli