KISS - The user should not be made to think, if the data is secure data then the user should be protected. Most users wont even know much about ssl or even the use of https in the url. In the case where a decision is to be made, for example if you are offering email and they can choose to have it secure or not then a setting or link to switch between should be supplied.
To say the client would be at fault is basically as ignorant a programmer/administrator as can be, again the user should not be the one to think, if the design of the site is not transparent then its not fluid and not easy. Im sure a bit of Usability would shut them up, but thats not always an option. As far as not being given the chance - this depends entirely on what the data is and what the customer base is. Will they possibly be using incompatible browsers? Is the data really so sensitive? Should it be up to the user being that its their data (or up to your company if its yours)? Will the user be happy about the loss of performance? Is the data so sensitive, even though its the customers, that they should be protected no matter what (credit cards, addresses etc)? My thoughts, Nick Quoting [EMAIL PROTECTED]: > Hello, > > Im looking for anyones thoughts on why it is not a good Idea to have > an https site be able to convert to an http site. I am having many > disscusions with co-workers that feel the client would be at fault if > they type in the http link instead of using the https link that is > provided?? > > I feel that the customer should not even have the chance to enter > http and be able to log in. My response to my team is "It's our job > (web team) not to even let them have access to the http link, it > should redirect or give error." What do you people have to add to > this????? > > Thanks, > Ron > > > -- > Pop3Now Personal, Get quick remote access to your email accounts! > Sign Up Now! Visit http://www.pop3now.com/personal > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
