|
Posted by "Richard Lynch" on 12/30/05 23:08
On Mon, December 26, 2005 1:42 am, Dave Carrera wrote:
> Are there any https / php gotchas to take into consideration for an
> app
> i am writing that will run within a https environment ???
>
> Thank you in advance for any advice or links regarding this question.
HTTPS can be considerably slower than HTTP.
Clearly divide your application pages into HTTPS and HTTP pages.
Then you need to be SURE all your links and FORM ACTION= into and out
of HTTPS do the right thing to minimize the time in HTTPS land.
Real Users (tm) get nervous earlier than they should about the little
lock icon in their browser not being locked.
For a shopping cart, put the whole thing into HTTPS, if you can, even
if you really don't need to from a security stand-point. That goes
against the minimalization advice above, but...
"Contact" page, no HTTPS. Shopping Cart, HTTPS.
You'll figure out the rest. :-)
Some (and in trying to sell things, "some" is "too many" no matter how
small "some" may be)... Some will abandon the cart when they don't
see the "locked" icon.
Ugly garish logos of how "secure" your site is (ugh!) must also
impress users, for reasons beyond my ken, because I sure see a lot of
those.
Make a fake certificate and test and re-test on your development box
for all the HTTPS stuff.
You do NOT want to leave that as last-minute, even if it "seems" to be
working on the dev site, even though you have no actually HTTPS set
up. It *will* bite you in the butt somehow if you don't actually run
HTTPS and work with it.
--
Like Music?
http://l-i-e.com/artists.htm
[Back to original message]
|