1

SSL is very important to protecting users private data on your website.

The more I see SSL used on websites; I have noticed that it is not used all the time like Facebook, Ebay, Google (Youtube) etc...

So my question is: Why pay for a SSL and have the ability to encrypt data while it travels over insecure networks (Internet mainly) then not use it on the whole site?. Why only encrypt parts of sites? Why not just force SSL on page load?

It does occur to me that it must be a good reason as it does not slow done the page by having one.

I was thinking of getting a SSL for my website so people can contact me without other people being able to see what they are sending (in case sensitive information really). So should I encrypt the whole site or just that one page.

Thankyou for any help / thoughts on this matter.

Have a good day :)

user3752735
  • 13
  • 2
  • 1
    Many reasons... legacy compatibility, reduction of computer resources (SSL overhead *does* matter at the scale of Facebook), simplifying certificate management... SSL *does* add a bit of complexity, and at the scale of Facebook or Google it's not insignificant. – deceze Jun 18 '14 at 13:44
  • Plus there are software components that just don't support SSL as of now, like Varnish. And Varnish is very useful for PHP based massive websites. More useful than whatever appeal SSL might have for casual users. – ffflabs Jun 18 '14 at 13:45
  • This question appears to be off-topic because it doesn't contain a programming question. – Duncan Jones Jun 18 '14 at 14:54

2 Answers2

0

Why pay for a SSL and have the ability to encrypt data while it travels over insecure networks (Internet mainly) then not use it on the whole site?

In theory a webpage over SSL is slower, so some people avoided putting the whole site under SSL.

Should I encrypt the whole site or just that one page.

The whole site would be easier, and I doubt your site would have any problems with performance based on SSL.

Joe Ratzer
  • 18,176
  • 3
  • 37
  • 51
  • It's not just theory. For high traffic load balanced sites, the load balancers in particular have to be several times more powerful and expensive to handle the same amount of information if it's all encrypted. That said, I think the general direction is towards encrypting all traffic. – Warren Dew Jun 20 '14 at 00:02
  • 1
    @WarrenDew - "in theory" for the website in question - it's so lightweight noticing any difference would be difficult... – Joe Ratzer Jun 20 '14 at 14:35
0

I really appreciate your thinking to make your whole website run over encrypted channel with SSL security. Many websites avoid to use ssl on all webpages, but in my personal opinion; if your website contains account log-in and sign-up on every page then it should be protected.

Whether you are running website over HTTP or HTTPS, it rarely affects website loading time & affect your website performances. In current time attacker always try to attack on website anyhow. Secure transmission of data reduces the risk of hacking and allows user to trust upon your website.

Jay Dan
  • 81
  • 3