was being submitted did not need to be an https page. He was correct, of
course, but nobody would enter their credit card number on that page. His
boss helped him to see the light.
I think that users like to see https anywhere that any personal information
is displayed, technology notwithstanding.
Cary Gordon
The Cherry Hill Company
________________________________
From: Andy Ousterhout [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 01, 2004 2:59 PM
To: CF-Talk
Subject: SSL Question
I only have a small portion of my site - placing orders and changing
customer
information where I care if the data is encrypted over the net. I currently
only use https: for these related pages.
Should I be concerned about sending ordering information (only last 4 digits
of Credit Card), customer addresses and customer-specific pricing outside of
SSL?
Does SSL add enough overhead where this should concern me? If it doesn't,
why
not just keep the entire log-in session https:?
Comments, thoughts?
Andy
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
