All, Thanks for the thoughtful advice and replies. To answer a few questions, belatedly, yes it would be an option to move the admin tools to another instance of TC, as Leo suggested -- in a way a better one, since it wouldn't need session replication, could exist on a single server since the traffic would be be trivial, and would be potentially more secure. I'll probably do this in the long term.
If not that, then url-rewrites or a filter to bounce users out of https is another simpler option, as Chris suggested. Based on the information about SSL not being that expensive, I'll just leave it in for now, at the clients discretion, as Charles originally suggested. Our user base is probably not going to suddenly all jump on https, so I can watch and see if it affects performance. The area that mandatorily requires SSL is configured with a security constraint -- for the rest of the site, I'll leave it up to the user. Best, John
