On Sun, 18 Jun 2006 12:41:43 -0400, Giampaolo Tomassoni
<[EMAIL PROTECTED]> wrote:
I'm really getting pissed about this (and feeling more and more stupid
after each new failed attempt). Especially since the constraint to mix
HTTP and HTTPS pages has been forced upon me with the explanation that
everybody does it due to bad performance of HTTPS, which I'd give my
right arm if we would ever see in this particular application. :-(
Switching back to http was an old habit: five years ago, when internet
bandwidth were really narrow and cpu power wasn't that high, it could
have made a difference. Today these are not anymore issues. I would try
to stress this fact and the security issues the http/https mixup may
arise.
There are actual reasons for switching back. E.g., we use Google
Analytics, which requires linking to an external JavaScript file. The
file is only hosted on HTTP. If I link to it from an HTTPS page, IE pops
up and says "this page mixes secure and insecure resources -- do you want
to continue?" The solution is to remove the link from any page accessed
via HTTPS. If I can't switch back to HTTP, however, then it's a moot
point because things will still break when users look at anything else on
the site.
It seems to me that if you're going to advocate not switching from HTTPS
back to HTTP, then you're advocating not to bother with HTTP in the first
place . . .
--
Kevin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
