How important is it to use SSL on every page of your website?

Posted by Mark on Stack Overflow See other posts from Stack Overflow or by Mark
Published on 2010-05-24T17:59:44Z Indexed on 2010/05/24 18:51 UTC
Read the original article Hit count: 267

Filed under:
|
|

Recently I installed a certificate on the website I'm working on. I've made as much of the site as possible work with HTTP, but after you log in, it has to remain in HTTPS to prevent session hi-jacking, doesn't it?

Unfortunately, this causes some problems with Google Maps; I get warnings in IE saying "this page contains insecure content". I don't think we can afford Google Maps Premier right now to get their secure service.

It's sort of an auction site so it's fairly important that people don't get charged for things they didn't purchase because some hacker got into their account. All payments are done through PayPal though, so I'm not saving any sort of credit card info, but I am keeping personal contact information. Fraudulent charges could be reversed fairly easily if it ever came to that.

What do you guys suggest I do? Should I take the bulk of the site off HTTPS and just secure certain pages like where ever you enter your password, and that's it? That's what our competition seems to do.

© Stack Overflow or respective owner

Related posts about security

Related posts about ssl