IEBlog :: "Critical Mistake #1: Non-HTTPS Login pages (even if submitting to a HTTPS page).
Most webdevs know that HTTPS is comparatively expensive-- the multistage handshake with multiple roundtrips and cryptographic operations is inherently less performant than straight HTTP. A few years ago, someone got the bright idea that login pages should be served via HTTP to reduce this performance hit."
This is bad for 2 reasons, both of which are explained in the article. The article also goes on to discuss mixing HTTP content into HTTPS pages.