Welcome, Guest ( Customer Panel | Login )




 All Forums
 VPCart Forum
 Credit card fraud and hackers
 Pros/Cons of running entire site in SSL Mode
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

keng
VP-CART New User

152 Posts

Posted - August 23 2004 :  20:33:12  Show Profile  Reply with Quote
Hi,

I finally have SSL on my website. I realized that there are a lot of links on my site that I want to have SSL (All that requires username, password, etc...) so I decided that I just run my entire website in full SSL. Now, what are the cons or disadvantages of running my website in Full SSL? Am I missing anything here? Please advice.

Thanks!



Jack Murphy
Starting Member

4 Posts

Posted - August 26 2004 :  09:51:30  Show Profile  Reply with Quote
We found that our SSL server (on our ISP) ran secure pages MUCH slower than the regular server.

So what I did was go back to having the site split, just the pages that need to be secure on the SSL server and the rest in a folder on our regular website.

VP-ASP's recommendation on this in the documentaion was INCORRECT, at least for our purposes - it does not run the admin pages through SSL!

Since we get credit card info on the orders page (then remove as soon as we get the order confirmation email) we needed to have the admin pages running in SSL mode.

So I'm in the process of winnowing out which pages need to be in which folder. As it is I have duplication of many pages. There was some discussion in this forum about what's needed to run admin in SSL mode, but I haven't yet taken time to prune it all.

I know our product pages load much quicker, and I'm sure that will help with orders. And I also know that all pages that need SSL protection are running in that way. Just be sure to not have the admin pages available in the non-secure area, as well as all the other VP-ASP security recommendations.

Go to Top of Page

lynch
VP-CART New User

USA
74 Posts

Posted - August 27 2004 :  08:06:32  Show Profile  Reply with Quote
quote:

We found that our SSL server (on our ISP) ran secure pages MUCH slower than the regular server.



Yes, SSL requires that the server and the client perform extra encryption work, which will slow down your pages. Data received over SSL is not cached either, so little things like navigation images would need to be re-downloaded for each page -- this will also slow things down.

I'm surprised no one immediately jumped into this topic and mentioned that your site won't be spidered by search engines if you run everything under SSL. Without search engine visibility, you lose one of the ways people will find your site.

Go to Top of Page

greatphoto
VP-CART Super User

USA
304 Posts

Posted - August 27 2004 :  16:26:04  Show Profile  Reply with Quote
quote:

just the pages that need to be secure on the SSL server and the rest in a folder on our regular website.....which pages need to be in which folder. As it is I have duplication of many pages.



Jack-

Are you running shared SSL? I'm not familiar with SSL method that uses a secure folder verses non-secure folder except for shared-ssl.

Nathan

Go to Top of Page

keng
VP-CART New User

152 Posts

Posted - August 27 2004 :  19:13:33  Show Profile  Reply with Quote
quote:

Data received over SSL is not cached either, so little things like navigation images would need to be re-downloaded for each page -- this will also slow things down."

I'm surprised no one immediately jumped into this topic and mentioned that your site won't be spidered by search engines if you run everything under SSL. Without search engine visibility, you lose one of the ways people will find your site.



Thanks, very good point!

Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000
0 Item(s)
$0.00