SitePoint Sponsor

User Tag List

Results 1 to 19 of 19
  1. #1
    SitePoint Addict Banana Man's Avatar
    Join Date
    Dec 2005
    Posts
    391
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    SSL on every page?

    Hi,

    I am new to SSL certs and have a question about what pages it needs to be used on. I will be having a login form on every page so does this mean every page needs to use SSL even before a user has logged in? Or maybe a login page can be without SSL and is directed to an SSL page before logging in the user. I think with this solution though the initial login POST information would be sent to the login page unsecured?

    Thanks

  2. #2
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,629
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    You could have the login form POST to SSL.

    Personally, I would put the whole site behind SSL.

  3. #3
    SitePoint Enthusiast AndyGambles's Avatar
    Join Date
    Jul 2006
    Location
    Scarborough, North Yorkshire, United Kingdom
    Posts
    45
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    If you are putting a login form on every page then every page should be SSL.

    Alternative is to iframe the login box from SSL but this may not identify to the visitor that the page is secure or just have a Login link that directs to a login page which is SSL.

  4. #4
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,807
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Remember that one half of the reason for using SSL is so that people can confirm that the form they are about to fill out is actually on the site they think it is on.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  5. #5
    SitePoint Addict Banana Man's Avatar
    Join Date
    Dec 2005
    Posts
    391
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Ok, maybe i'll just have a link to a login page that is under SSL. Thanks for the input!

  6. #6
    SitePoint Enthusiast
    Join Date
    Nov 2012
    Location
    Cape Town, South Africa
    Posts
    40
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think SSL is slower than normal. So making every page to use SSL may be a bad for ranking? I read this somewhere and went against using it for all my pages.
    Anyone able to provide a comment on this?

  7. #7
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sahostking View Post
    I think SSL is slower than normal. So making every page to use SSL may be a bad for ranking? I read this somewhere and went against using it for all my pages.
    Anyone able to provide a comment on this?
    SSL has noting to so with SEO. And most certainly will not effect SEO. I swear not everything on the web has to somehow be "SEO" related.

    Now, as long as a form submits to a page that is behind a secure connection (HTTPS) then the forms contents is encrypted before sending. The form itself does not need to be on a secure page. However, if you have the ability to enable SSL for all pages, you might as well. (Now unless you have large amount of traffic...thats another concern, SSL will require more processing time for the server.)
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  8. #8
    SitePoint Guru bronze trophy
    Join Date
    Dec 2003
    Location
    Poland
    Posts
    930
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    SSL may work well for SEO but it will slow down the site - especially when the user first enters your site and the secure handshake happens the delay might be a few seconds depending on the connection speed. This might be important for you - if people find your site in a search engine and click the link you probably want them to see your site as soon as possible before they get impatient. I wouldn't use SSL for all of the site unless it's a banking system or some other system with confidential information. If you want the login to be secure then I think it's best to do it on a separate SSL page (so people are certain they are under SSL) and then redirect them back to where they came from.

  9. #9
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Come on, SSL is not that slow...the handshaking is not going to chase people away. It barely takes an extra second. Now if your site is that poorly optimized then you have other troubles.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  10. #10
    SitePoint Guru bronze trophy
    Join Date
    Dec 2003
    Location
    Poland
    Posts
    930
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    You are correct - SSL will not be slow for most people. But try browsing connected through a mobile phone in a remote location and you will feel the handshake lag.

  11. #11
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Mobile browsing in a remote location is already super slow even without SSL. Majority of people will already be used to the slowness that current mobile browsing suffers from. Grasping at straws here, trying to satisfy an edge case.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  12. #12
    SitePoint Enthusiast vincewicks's Avatar
    Join Date
    Jan 2012
    Location
    Brooklyn, NYC
    Posts
    39
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could make whole site with SSL. But do you actually need this? I mean, Do your users keep some privacy info on your website?
    This site is the go-to place for web designs.

  13. #13
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,807
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by vincewicks View Post
    You could make whole site with SSL. But do you actually need this? I mean, Do your users keep some privacy info on your website?
    Well they do if the pages all use a login form as is the case here.

    The pages with the login form need to use SSL so that the person can check they are on the right site before trying to login. The page that then calls and all subsequent pages need SSL so that the data can be encrypted.

    So with the particular situation being discussed it is essential that all the pages use SSL.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  14. #14
    SitePoint Member
    Join Date
    Jan 2013
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sahostking View Post
    I think SSL is slower than normal. So making every page to use SSL may be a bad for ranking? I read this somewhere and went against using it for all my pages.
    Anyone able to provide a comment on this?
    SSL does not cause performance issues. As for SEO, why would having additional website security hamper SEO efforts? If anything it will be a boost.

  15. #15
    Non-Member
    Join Date
    Feb 2012
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    If you are using a login form than every page should be secured with SSL otherwise your customers will feel unsecured to fill the form.

    And if you have a online portal to sell something products or services than your payment gateway must have secured with SSL certificates.

  16. #16
    SitePoint Member
    Join Date
    Feb 2010
    Location
    Newark, DE, USA
    Posts
    14
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As per my opinion it is more beneficial to protect all webpages with SSL Certificate security. Or you can create login form on separate HTTPS URL and put it on each page.
    Secure Unlimited Sub-Domains
    with Wildcard SSL from ClickSSL.com
    Trusted SSL Certificate Provider

  17. #17
    SitePoint Zealot
    Join Date
    Nov 2012
    Posts
    117
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    well, I'd go with whole site SSL instead of separate HTTPS URL on each page, sparing myself the trouble

  18. #18
    SitePoint Member
    Join Date
    May 2013
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For my blog i have SSL from namecheap, and to answer your question i also recommend SSl for the entire website since it eliminates any unsecure loopholes.

  19. #19
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Khan635 View Post
    ...i also recommend SSl for the entire website since it eliminates any unsecure loopholes.
    No it does not. SSL only makes the connection between the server and the client secure. It does not make your web site secure.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.



Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •