> > Switching back to http was an old habit: five years ago, when internet
> > bandwidth was really narrow and cpu power wasn't that high, it could
> > have made a difference. Today these are no longer issues. I would try
> > to stress this fact and the security issues the http/https mixup may
> > raise.
> 
> There are actual reasons for switching back.  E.g., we use Google
> Analytics, which requires linking to an external JavaScript file.  The
> file is only hosted on HTTP.  If I link to it from an HTTPS page, IE pops
> up and says "this page mixes secure and insecure resources -- do you want
> to continue?"  The solution is to remove the link from any page accessed
> via HTTPS.  If I can't switch back to HTTP, however, then it's a moot
> point because things will still break when users look at anything else on
> the site.

I would condition the Google .js link on the http connection type... A user
accessing my site from Google would start surfing in http mode, not https, so
Google's .js can still work. If he/she enters a safe area, well, Google
Analytics is a fine feature but is far less important than security and privacy
to me.


> It seems to me that if you're going to advocate not switching from HTTPS
> back to HTTP, then you're advocating not to bother with HTTP in the first
> place . . .

Nah! Search engines don't access https, and lazily browsing a site wouldn't
require an https link either. Nobody would advocate http support. But, again,
when you enter https there is a reason (a login or a credit card input form,
for example). Once you input this kind of data, your session then contains
private and important data. It must be protected by then.


> -- 
> Kevin

giampaolo
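
The policy argued for in the reply above, sketched as an added example that is not part of the original thread: link the HTTP-only tracker script only on plain-HTTP pages, and never let a browser that has entered the safe area go back to HTTP. The cookie names, the paths and the tracker URL are hypothetical placeholders.

```javascript
// Added example. Cookie names, paths and the tracker URL are hypothetical.
const TRACKER_TAG = '<script src="http://analytics.example/tracker.js"></script>';
const SECURE_PATHS = ['/login', '/checkout']; // assumed entry points to the safe area

function inSecureArea(path) {
  return SECURE_PATHS.some((p) => path === p || path.startsWith(p + '/'));
}

// req: { scheme: 'http' | 'https', host, path, cookies: { name: value } }
// Returns what the server should do; it performs no I/O itself.
function planResponse(req) {
  const cookies = req.cookies || {};
  // "pinned" carries no secret. It only tells plain-HTTP requests that this
  // browser owns a sensitive session, which lives in the Secure "sid" cookie
  // and is therefore never sent over HTTP.
  const pinned = cookies.pinned === '1';
  const secureArea = inSecureArea(req.path);

  if (req.scheme !== 'https') {
    if (pinned || secureArea) {
      // No switching back: bounce to HTTPS before rendering anything.
      return { status: 302, location: 'https://' + req.host + req.path,
               setCookies: [], headTags: [] };
    }
    // Anonymous HTTP browsing: the HTTP-hosted tracker script can be linked.
    return { status: 200, setCookies: [], headTags: [TRACKER_TAG] };
  }

  // HTTPS page: never link the HTTP-hosted script (mixed-content warning).
  const setCookies = [];
  if (secureArea && !pinned) {
    // In a real server <new-id> is a freshly generated random session id.
    setCookies.push('sid=<new-id>; Path=/; Secure; HttpOnly');
    setCookies.push('pinned=1; Path=/');
  }
  return { status: 200, setCookies, headTags: [] };
}
```
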
