1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

http:\\ vs https:\\

Discussion in 'C#' started by bigdork, Apr 7, 2008.

  1. #1
    hello all.. I am working on a .net application and am trying to decide on http vs https.. I have seen a lot of sites that do not use https on the apps login screen. to me, that seems like that would not be a secure way of doing business as everything related to user signup and login should be secure.
    SEMrush
    if any of you have experience with http vs https, i would like to hear your opinions.

    Thanks in advance for any help that could be provided.
     
    bigdork, Apr 7, 2008 IP
    SEMrush
  2. StudXtreme

    StudXtreme Banned

    Messages:
    15
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    I remember a lesson about this at college. In my opinion (and that of the authors who wrote our textbooks), if your site is simple enough, and you're not dealing too much with hard cash, http would do.

    On the other hand if your user accounts would have access to money, or the stakes are high, go in for https
     
    StudXtreme, Apr 7, 2008 IP
  3. bigdork

    bigdork Peon

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    well SSN and credit card numbers are involved.. so I know that I will use https 'in' the application, but what about the page where the user logs in? does that have to be https as well?
     
    bigdork, Apr 7, 2008 IP
  4. falguni1

    falguni1 Peon

    Messages:
    3,019
    Likes Received:
    66
    Best Answers:
    0
    Trophy Points:
    0
    #4
    you need https in paypal and banks, money sites.
     
    falguni1, Apr 7, 2008 IP
  5. StudXtreme

    StudXtreme Banned

    Messages:
    15
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Most credit card companies tell customers not to use CC numbers on site without "https://" ... so if you don't want to turn away potential clients and don't want to be branded as a scamming/phishing site, go for the s.

    ~SX
     
    StudXtreme, Apr 7, 2008 IP
  6. bigdork

    bigdork Peon

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #6
    that is what I have always been taught also.. but what about the log in page?
     
    bigdork, Apr 7, 2008 IP
  7. Shazz

    Shazz Prominent Member

    Messages:
    8,396
    Likes Received:
    453
    Best Answers:
    0
    Trophy Points:
    330
    #7
    Why wouldn't you just use https:// in everything if its secured in stuff?
     
    Shazz, Apr 7, 2008 IP
  8. whatyaknow

    whatyaknow Peon

    Messages:
    256
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #8
    You should always use https for the login page or any page that requires "secret" credentials (ie: forget password, password reset, hint). You want to make the user to feel secure at all times and since you are making the effort to keep them feeling warm and cozy you should also post that somewhere on the website that they are using a SSL encrypted website.

    People these days take note on what they are doing online because of the widespread media coverage so in closing I'd use https.

    Regards,
     
    whatyaknow, Apr 7, 2008 IP
  9. bigdork

    bigdork Peon

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    good point whatyaknow..

    https should be used
     
    bigdork, Apr 7, 2008 IP
  10. bigdork

    bigdork Peon

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #10
    There was an issue with setting up IIS to make everything https.

    If you have any tips on redirecting http to https for every page that is viewed, i would appreciate any help.
     
    bigdork, Apr 7, 2008 IP
  11. whatyaknow

    whatyaknow Peon

    Messages:
    256
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #11
    Or.. what you can do is offer the user the option to switch over to https to login.. that way you can appease everyone?
     
    whatyaknow, Apr 7, 2008 IP
  12. whatyaknow

    whatyaknow Peon

    Messages:
    256
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #12
    Wish I could help you out but I'm an apache guy.. :(
     
    whatyaknow, Apr 7, 2008 IP
  13. bigdork

    bigdork Peon

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #13
    me too.. this question is for my job.. personally i am an LAMP person
     
    bigdork, Apr 7, 2008 IP
  14. entwickler

    entwickler Member

    Messages:
    75
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    41
    #14
    forms authentication over https is a classic and proven solution for asp.net. So, just implement it :). The other secure authentication method is windows authentication (this can be over http) -
    - much harder to implement - Active Directory involved ...)
     
    entwickler, Apr 7, 2008 IP
  15. pcknowhow.com

    pcknowhow.com Peon

    Messages:
    47
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #15
    It shouldn't be a problem to serve the login page itself as http:// -as long as the form is submitted over https://
     
    pcknowhow.com, Apr 7, 2008 IP
  16. Dollar

    Dollar Active Member

    Messages:
    2,599
    Likes Received:
    82
    Best Answers:
    0
    Trophy Points:
    90
    #16
    Make the POST call in the login form to script that handles the password/login details to https then have the script redirect back to http

    Many websites do this..Look at Facebook.com login form. (view source)
     
    Dollar, Apr 7, 2008 IP
  17. AstarothSolutions

    AstarothSolutions Peon

    Messages:
    2,681
    Likes Received:
    77
    Best Answers:
    0
    Trophy Points:
    0
    #17
    As said, it depends what data there is secured by the log in. If it is a simple forum then there is little point in paying the cost of a SSL certificate etc however if personal details are there you should consider it and certainly if access to credit card details.

    The disadvantages of SSL is firstly the additional hosting costs and secondly SSL adds to the server load as all comms have to be encrypted/ decrypted
     
    AstarothSolutions, Apr 7, 2008 IP
  18. bigdork

    bigdork Peon

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #18
    Thanks everyone for your help.. I think we have it figured out now! :)
     
    bigdork, Apr 9, 2008 IP
  19. jezzz

    jezzz Notable Member

    Messages:
    4,887
    Likes Received:
    190
    Best Answers:
    0
    Trophy Points:
    200
    #19
    Https:// i check in my Bank account site :)
     
    jezzz, Apr 9, 2008 IP
  20. salman4raza

    salman4raza Peon

    Messages:
    373
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #20
    i think if you website is not directly involve in cashing, means redirecting to paypal or so, then you dont need https. but if your business nature a very secure information https must be adopted.
     
    salman4raza, Apr 24, 2008 IP