What?! I thought putting everything under SSL made your app TOTALLY SECURE! ;)
Alex Boster [email protected] +1 (858) 922-4526 On Oct 11, 2011, at 7:40 PM, Matt Aimonetti wrote: > Caching happens based on the caching headers not the protocol you use. The > use of SSL really depends on the data you exchange back and forth between the > client and the server and the importance you give to limiting the > "hackability" of your site. > SSL is far to be really secure but it does add an extra level of security. > Rails provides a bunch of security tools to avoid common security breach and > I would personally start by only use SSL when transferring sensitive data > such as credentials, payment details etc.. > I would also not force SSL for any public pages for SEO reasons. > > - Matt > > Sent from my iPad > > On Oct 11, 2011, at 6:21 PM, Ylan <[email protected]> wrote: > >> It seems that there are lots of information out there that categorically >> says that there is no caching while using HTTPS. However, I also found this: >> >> http://blog.httpwatch.com/2011/01/28/top-7-myths-about-https/ >> >> This seems to go more in line with what I can observe in the chrome network >> resource tab: When navigating to previously visited pages under https, the >> resources I would expect to be cached, are loaded from cache, even extending >> rails-rendered pages that are set in the controller using: >> >> expires_in 60.minutes, :public => true >> >> So, at least there is some caching being done in the browser. Does anybody >> know if Varnish will also cache those rails-render pages? (Matt: I am hoping >> you chime in here specifically. I really want to apply most of what you >> describe in >> http://merbist.com/2011/07/11/first-step-in-scaling-a-web-site-http-caching/). >> >> >> Thanks for the input, >> >> -- >> Ylan >> >> -- >> SD Ruby mailing list >> [email protected] >> http://groups.google.com/group/sdruby > > > -- > SD Ruby mailing list > [email protected] > http://groups.google.com/group/sdruby -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby
