为什么https仅用于登录? [英] Why is https only used for login?
问题描述
性能是唯一的问题吗?在整个用户的会话中不能使用https连接吗?发生重定向的次数明显减少了!
Is performance the only issue? Can't an https connection be used throughout a user's session? There is obviously less redirection happening!
我在 http与https性能
编辑:好的,我并不是说仅使用 进行登录 。相反,我想问的是,如果你在网站的任何地方需要https,无论是登录还是付款,为什么不通过http与网站进行所有通信?
Ok, I didn't mean 'used only for login'. Rather, what I'm trying to ask is if you come to a point where you need https anywhere on your site whether it be login or payments, why not make all communication to the site over http?
例如,假设一个博客网站。现在,可以通过发送电子邮件来创建博客帖子。接下来,我可能会提供登录,然后提供添加帖子操作。在这种情况下,通常使用https 仅进行登录,然后再使用常规http来实际添加帖子。因为,现在需要提供一种管理模式,可以这么说,当一个人处于管理模式时,为什么不通过https进行所有通信,即登录。
As an example, assume a blog site. Now, the blog posts might get created by sending an email. Further down the line, I might provide a 'login' and then an 'add post' action. In this scenario usually the https is used only for the login and then again regular http for actually adding the post. Since, now the need is to provide an 'admin' mode, so to speak, why not have all communication over https while a person is in the 'admin' mode, i.e. logged in.
推荐答案
性能不是唯一的问题。如果您要使用HTTPS,则确实需要检查所有内容(包括第三方图像和库)是否可通过HTTPS获得。否则,您将在IE上生成烦人的混合内容消息:
Performance is not the only issue. If you're going to use HTTPS, you really need to check that all your content, including third party images and libraries, is available through HTTPS. Otherwise, you will generate annoying mixed content messages on IE:
http://blog.httpwatch.com / 2009/04/23 /定影的-IE-8预警-DO任您想查看的,只有最网页内容 - 这 - 是交付,安全/
这也意味着您需要为您使用的每个主机名(例如images.example.com)或某种通配符SSL证书(例如*)*提供单独的SSL证书.example.com)。
This also means that you'll need separate SSL certificates for each host name that you use (e.g. images.example.com ) or some sort of wild card SSL certificate (e.g. for *.example.com).
精心配置的网站应该只会在客户端和服务器上使用HTTPS轻微击中CPU:
A carefully configured site should only suffer a slight CPU hit on client and server using HTTPS:
http://blog.httpwatch.com/2009/ 01/15 / https-性能调整/
这篇关于为什么https仅用于登录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
