Should I host my entire web application using https?

Posted by user54455 on Server Fault See other posts from Server Fault or by user54455
Published on 2010-11-11T10:45:40Z Indexed on 2011/01/04 14:55 UTC
Read the original article Hit count: 150

Filed under:
|
|
|
|

Actually my only requirement for using SSL encryption is that when a user logs in, the password is transferred encrypted. However after reading a bit about protocol switching, that an HTTPS session can't be taken over as an HTTP session etc. I've been asking myself if it's so bad to just have the entire application use HTTPS only.

What are the reasons against it and how would you rate their importance? Please also mention:

  • How much performance do I lose on server side (roughly)?
  • How much performance do I lose on client side (roughly)?
  • Any other problems on server / client side?

© Server Fault or respective owner

Related posts about security

Related posts about Performance