secure layer use

[manic]

Are there any down sides to making the whole site jump to a secure layer from the word go?

I have a site which does this from the point of login, but for people who don't login it stays in the normal zone. Just wondering about any possible side effects from making the default.asp jump straight into https unless it's there already.

** hoping for a quick answer to this one **

[MarcusJT]

This should give you the idea:

Code:

If Request.ServerVariables("HTTPS") <> "ON" Then
'redirect code goes here
End If

[manic]

I know how to do it, but thanks anyway

just wondering if it's a good idea or not.

[MarcusJT]

Well, using HTTPS increases your costs (increased bandwidth use) and reduces the performance of your web server (due to encryption/decryption), so it's generally advisable to use it as sparingly as possible. Plus it might annoy search engine spiders.

[manic]

Now that is interesting info... thanks for sharing!!!

Guess I'll have to stop thinking about being lazy now.

cheers!

[MarcusJT]

Naturally, if you're writing an Internet Banking app then you should use it throughout, but in most cases it's sufficient to just use it for the instances where the data transferred actually needs to be kept secure, e.g. the login pages.

[manic]

yeah, in this case it's the shopping basket screens... the rest is essential stuff for search engines.

[MarcusJT]

Surely only the checkout screens (where private data is entered) need to be secure?

[manic]

It's going to be secure as soon as they enter the checkout right through to the confirmation at the end. If people decided to wander into other areas of the site inbetween I don't mind if that's all done on a secure level.

So long as search engine can see somewhere between 80,000 and 150,000 products every day then it's all good with me.