
Should http be used for https login subsequent pages?

I've seen many threads on SO and they suggest that a password can't be securely transferred without SSL. So suppose I have an https login page, but:

  1. Should I switch back to http after the user has been authenticated over https (assuming no sensitive information is sent after login)? Because it might load pages a bit faster?

  2. Would it create extra overhead in terms of development (with Zend Framework)? Like maintaining different directory structures and all that.

understack asked Feb 01 '10 09:02


1 Answer

  1. If the data is not sensitive you could switch back to http after authenticating users to get a small speed benefit. You do have to remember to switch to https again if any kind of sensitive data would appear on the site (like a user profile or such). It may actually be easier to have the whole session always encrypted so you won't have to worry about turning encryption on and off depending on the page contents.

  2. SSL is transparent for developers; you create your app exactly the same as you would for a non-secure server. You do need to have an SSL certificate that you can buy or generate yourself and set up your server to handle it. Then depending on the protocol (http or https) your session will be or won't be encrypted automatically. So it's a matter of setting correct https:// links for pages where you need encryption and standard http:// links for other pages.

RaYell answered Oct 01 '22 08:10
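The answer's point about remembering to switch back to https for sensitive pages can be enforced per request instead of relying on every link being right. The sketch below is an added example, not part of the original post and not Zend Framework code; it is framework-independent Python, and the prefix list, function names and sample URLs are assumptions made for illustration.

```python
from posixpath import normpath
from urllib.parse import urlsplit, urlunsplit, unquote

# Hypothetical path prefixes that carry sensitive data (assumption).
SENSITIVE_PREFIXES = ("/login", "/profile", "/account")


def is_sensitive(path, prefixes=SENSITIVE_PREFIXES):
    """True if the path falls under a sensitive prefix.

    The path is percent-decoded and dot segments are collapsed first, so
    /public/../profile and /%70rofile are classified like /profile.
    Matching is per path segment: /profile/edit matches, /profiles does not.
    """
    clean = normpath("/" + unquote(path).lstrip("/")).lower()
    return any(clean == p or clean.startswith(p + "/") for p in prefixes)


def enforce_scheme(method, url, prefixes=SENSITIVE_PREFIXES):
    """Return None to serve the request as-is, or (status, location)
    to redirect a plain-http request for a sensitive page to https."""
    parts = urlsplit(url)
    if parts.scheme == "https" or not is_sensitive(parts.path, prefixes):
        return None
    # Drop any explicit port; assumes https listens on its default port.
    target = urlunsplit(("https", parts.hostname, parts.path, parts.query, ""))
    # 301 for safe methods; 307 preserves method and body for POST and others.
    # A POST body that arrived over http has already crossed the network
    # unencrypted, so forms for sensitive pages should post to https directly.
    status = 301 if method.upper() in ("GET", "HEAD") else 307
    return status, target


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("GET", "http://example.com/news?id=3"),
        ("GET", "http://example.com/profile/edit?tab=1"),
        ("POST", "http://example.com:80/login"),
        ("GET", "http://example.com/public/../profile"),
        ("GET", "https://example.com/profile"),
    ]
    for method, url in samples:
        print(method, url, "->", enforce_scheme(method, url))
```

Classifying the normalized path rather than the raw one is what keeps a sensitive page from being served over http through an alternate spelling of its URL.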