-- Ylan Segal [email protected] Tel: +1-858-224-7421 Fax: +1-858-876-1799
On Oct 11, 2011, at 7:40 PM, Matt Aimonetti wrote:

> Caching happens based on the caching headers not the protocol you use.

Good to know.

> The use of SSL really depends on the data you exchange back and forth between
> the client and the server and the importance you give to limiting the
> "hackability" of your site.

In my case, it's not like there is a lot of private data passed around most of the time, with the exception of when the customer is getting ready to pay. I guess that someone using Firesheep or the like _could_ get a hold of your cart contents, but it isn't much really. Of course, the payment and account portion of the site would absolutely need to go to SSL.

> SSL is far from being really secure but it does add an extra level of security.

Which is my point in the first place: If it is more secure, and there are no drawbacks, why not just use it all the time?

> Rails provides a bunch of security tools to avoid common security breaches and
> I would personally start by only using SSL when transferring sensitive data
> such as credentials, payment details etc.

That is my first instinct too, but I guess I am playing the devil's advocate. It certainly would be slightly simpler to just send everything through SSL and not deal with which controllers need to enforce SSL and so forth.

Thanks for chiming in.

--
Ylan.

--
SD Ruby mailing list
[email protected]
http://groups.google.com/group/sdruby
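
The "send everything through SSL" option discussed in this message, sketched as an added example (not code from the thread or from Rails): a minimal Rack-style middleware that redirects every plain-HTTP request and marks cookies Secure, so no controller needs its own SSL rule. The class name, sample app, host name and HSTS max-age are assumptions.

```ruby
# Added example: Rack-compatible middleware written in plain Ruby (no gems).
# ForceSSLEverywhere and the HSTS max-age are illustrative, hypothetical choices.
class ForceSSLEverywhere
  HSTS = "max-age=31536000".freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    unless env["rack.url_scheme"] == "https"
      # Plain HTTP never reaches the app, so no cookie is set over cleartext.
      host = env["HTTP_HOST"] || env["SERVER_NAME"]
      location = "https://#{host}#{env["PATH_INFO"]}"
      qs = env["QUERY_STRING"].to_s
      location += "?#{qs}" unless qs.empty?
      return [301, { "Location" => location, "Content-Type" => "text/plain" }, ["Moved"]]
    end

    status, headers, body = @app.call(env)
    headers = headers.dup
    headers["Strict-Transport-Security"] = HSTS
    if (cookies = headers["Set-Cookie"])
      # Assumes multiple cookies are newline-joined in one header value.
      # Each cookie gets the Secure flag unless it already carries it.
      headers["Set-Cookie"] = cookies.split("\n").map { |c|
        c =~ /;\s*secure\b/i ? c : "#{c}; Secure"
      }.join("\n")
    end
    [status, headers, body]
  end
end

# Constructed sample app that sets a session cookie, as a cart page would.
SAMPLE_APP = lambda do |_env|
  [200, { "Content-Type" => "text/html",
          "Set-Cookie" => "_session=abc123; path=/; HttpOnly" }, ["cart"]]
end

# Helper for trying the middleware with a constructed request environment.
def demo_request(scheme, path = "/cart", query = "")
  env = { "rack.url_scheme" => scheme, "HTTP_HOST" => "shop.example.com",
          "PATH_INFO" => path, "QUERY_STRING" => query }
  ForceSSLEverywhere.new(SAMPLE_APP).call(env)
end
```

Without the Secure flag, a session cookie issued on an HTTPS page is still sent by the browser on any later plain-HTTP request to the same host, which is the traffic a tool like Firesheep reads.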
