Re: HTTP without being HTTPS all the time

In message <20120719184924.GM16208@1wt.eu>, Willy Tarreau writes:

>As usual, Adam gave a nice description there, and I'm sure many of us are
>aware of the issues he describes. I'm among those who consider that having
>only some pages of a site secured is dangerous. Either the site is clear or
>it's not.

What about sites that are HTTP until you log in, then switch to HTTPS?

That's a perfectly fair & sensible way to avoid spending resources
on non-paying visitors.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Thursday, 19 July 2012 20:02:02 UTC