MicrostockGroup Sponsors

Author Topic: Why No HTTPS?  (Read 3618 times)

0 Members and 1 Guest are viewing this topic.

« on: February 27, 2009, 15:28 »
Is it really that difficult to implement an Https website? To be fair, of the big six, Dreamstime and Stockxpert both use Https. But the others don't. I'm under the understanding that Https will encrypt everything; thus, making it more secure. Perhaps the other sites use something else? Not a rant, just curious.

« Reply #1 on: February 27, 2009, 15:37 »
The short answer is that HTTPS is expensive.  All that encryption and decryption adds significantly to server load.  It's worth doing when confidential information is being passed, but the rest of the time it's just overhead with no benefit.


« Reply #2 on: February 27, 2009, 16:08 »
We pay $800 or so a year for securing the 9 websites of Zymmetrical. It is well worth it, in both consumer confidence as well as real security. Considering many photographers are on the go and traveling around, you never know who is sniffing your packets.  I don't know anyone that would trade off a fraction of a second in increased pageload time on a few key pages like registration, login or shopping cart, vs. the potential of having their account or worse credit card info compromised.

« Reply #3 on: February 27, 2009, 16:26 »
In case I wasn't clear, I wasn't arguing against the value of HTTPS for confidential data.  Logins should always be secure, as well as pagest that pass credit card information.  But for everything else, the question is whether the overhead is justified by the risk of abuse if the information gets out.  Personally, I don't care if someone can discover that someone at my IP address ordered those videos, as long as they can't get to information that will permit them to impersonate me.


« Reply #4 on: February 27, 2009, 18:07 »
Yup I kind of thought about that after answering - of course everything can't be encrypted right now - it's basically just too slow to be practical.  Maybe in a few more years when everyone has fiber to the door, people can be entitled to encryption on everything they do, but for now it's just not a reasonable tradeoff. Security has to start at the source: the business practices of the companies that deal with the data. As we've seen lately, even Facebook makes (political) blunders with such data.

« Reply #5 on: February 28, 2009, 05:07 »
To reply to the initial question, you don't have to implement anything: this is just a web server configuration. From a technical point of view, it is just plain easy.


Related Topics

  Subject / Started by Replies Last post
2 Replies
Last post April 15, 2011, 11:26
by jamirae
3 Replies
Last post August 19, 2013, 08:01
by KarenH
3 Replies
Last post December 18, 2017, 05:13
by ShadySue
2 Replies
Last post March 08, 2018, 14:09
by christiano
9 Replies
Last post November 20, 2020, 21:18
by marthamarks


Mega Bundle of 5,900+ Professional Lightroom Presets

Microstock Poll Results