在网页上混合安全内容和非安全内容-这是一个好主意吗? [英] Mixing Secure and Non-Secure Content on Web Pages - Is it a good idea?

问题描述

我正在尝试提出一些方法来加快我的安全网站的速度.因为有很多CSS图像需要加载，所以它会减慢站点速度，因为安全资源不会被浏览器缓存到磁盘，并且必须比实际需要的频率进行更多的检索.

I'm trying to come up with ways to speed up my secure web site. Because there are a lot of CSS images that need to be loaded, it can slow down the site since secure resources are not cached to disk by the browser and must be retrieved more often than they really need to.

我正在考虑的一件事可能是将基于样式的图像和javascript库移动到一个非安全的子域中，以便浏览器可以缓存这些不会带来安全风险的资源(渐变并不完全敏感)材料).

One thing I was considering is perhaps moving style-based images and javascript libraries to a non-secure sub-domain so that the browser could cache these resources that don't pose a security risk (a gradient isn't exactly sensitive material).

我想看看其他人对做这样的事情有何想法.这是一个可行的想法，还是应该以其他方式(例如使用CSS Sprite-maps等)来优化网站以减少请求和带宽?

I wanted to see what other people thought about doing something like this. Is this a feasible idea or should I go about optimizing my site in other ways like using CSS sprite-maps, etc. to reduce requests and bandwidth?

推荐答案

浏览器(尤其是IE)对此感到不安，并警告用户页面上有混合的内容.我们进行了尝试，并吸引了一些用户来质疑我们网站的安全性.我不推荐它.让用户在使用您的网站时失去安全感是不值得的.

Browsers (especially IE) get jumpy about this and alert users that there's mixed content on the page. We tried it and had a couple of users call in to question the security of our site. I wouldn't recommend it. Having users lose their sense of security when using your site is not worth the added speed.

这篇关于在网页上混合安全内容和非安全内容-这是一个好主意吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！