Question about HTTPS/SSL


#1

Hello all!

Quite new to the whole HTTPS business. So I have a (very noobish) question about the whole secure hosting thing.

Basically, I’m about to set up a special directory to host project files for clients; something like http://clients.mysite.com/. Now these project files can differ in filesize from 3kB to 800MB. The domain could end up exchanging sensitive data with my clients in the future too.

Would it be wise to choose secure hosting for this domain? I hear stories about slower connection speeds and performance issues when using secure hosting, hence my question.

Personally, I always found https:// to look rather professional and trustworthy. Which is of course something I want clients to expect from me. However, if it delivers more problems than it delivers benefits, then of course the choice is obvious.

Many thanks to all those who are willing to help me! :)


#2

Many people misunderstand what SSL or secure hosting (https://) actually is…

What it does is encrypt the page before it leaves the server, and it is then decrypted in the user's browser. This basically prevents anyone from intercepting the packets as they travel the internet.

What it does NOT do is control who has access to the data. Your CMS, forum, wiki or other web application that is being used on the server controls who has access to the data itself.

So the question to ask yourself is… If the data was intercepted as it traveled the internet between server and user's browser, would that data need to be protected? Does it contain secrets, such as proprietary info, trade secrets, or personal information such as credit card or social security numbers of users? If yes, then you should opt for SSL (or HTTPS).

As for performance issues, that all depends on the site's traffic. If you have a customer occasionally accessing some of the data, well, that is pretty low traffic regardless of the file sizes. If, on the other hand, you get a million hits a day from around the world, that's another thing.

Costs are higher for secure hosting: your site must have a unique IP address, and you need to buy a certificate and renew it periodically.


#3

Thanks for the reply!

Well, I already chose SSL. Paid for a unique IP and certificate already! What I’ve done is, the client logs in and exchanges private information via https://. But is provided with links to their downloadable files via http://.

Although the information they exchange isn’t as sensitive as, say, credit card information, it’s still something I like to see traveling safe between server and client.

Cheers for the explanation!
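
Added example, not part of the original thread: a Python check for the arrangement described in post #3, listing every link on a page served over https:// that resolves to plain http://, where the encryption described in post #2 does not apply. The host `clients.example.test` and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that can carry a URL the browser will fetch or navigate to.
URL_ATTRS = {"href", "src", "action"}

class LinkCollector(HTMLParser):
    """Collects (tag, attribute, raw URL) for every URL-bearing attribute."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append((tag, name, value.strip()))

def find_plain_http_links(page_url, html):
    """Return (tag, attr, URL) for links on an HTTPS page that use http://."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("page_url must be an https:// URL")
    collector = LinkCollector()
    collector.feed(html)
    insecure = []
    for tag, attr, raw in collector.links:
        # Resolve relative and scheme-relative (//host/path) forms first;
        # those inherit https from the page and are not reported.
        absolute = urljoin(page_url, raw)
        if urlsplit(absolute).scheme == "http":  # scheme is lowercased
            insecure.append((tag, attr, absolute))
    return insecure

# Constructed sample page; the host is a placeholder, not a real site.
SAMPLE_PAGE_URL = "https://clients.example.test/projects/"
SAMPLE_HTML = """
<form action="/login" method="post"></form>
<a href="http://clients.example.test/files/project-a.zip">Project A</a>
<a href="files/project-b.zip">Project B</a>
<a href="//clients.example.test/files/project-c.zip">Project C</a>
<a href="HTTP://clients.example.test/files/project-d.zip">Project D</a>
<img src="https://clients.example.test/logo.png">
"""

if __name__ == "__main__":
    for tag, attr, url in find_plain_http_links(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"<{tag} {attr}> -> {url}")
```
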