On Mon, December 26, 2005 1:42 am, Dave Carrera wrote: > Are there any https / php gotchas to take into consideration for an > app > i am writing that will run within a https environment ??? > > Thank you in advance for any advice or links regarding this question. HTTPS can be considerably slower than HTTP. Clearly divide your application pages into HTTPS and HTTP pages. Then you need to be SURE all your links and FORM ACTION= into and out of HTTPS do the right thing to minimize the time in HTTPS land. Real Users (tm) get nervous earlier than they should about the little lock icon in their browser not being locked. For a shopping cart, put the whole thing into HTTPS, if you can, even if you really don't need to from a security stand-point. That goes against the minimalization advice above, but... "Contact" page, no HTTPS. Shopping Cart, HTTPS. You'll figure out the rest. :-) Some (and in trying to sell things, "some" is "too many" no matter how small "some" may be)... Some will abandon the cart when they don't see the "locked" icon. Ugly garish logos of how "secure" your site is (ugh!) must also impress users, for reasons beyond my ken, because I sure see a lot of those. Make a fake certificate and test and re-test on your development box for all the HTTPS stuff. You do NOT want to leave that as last-minute, even if it "seems" to be working on the dev site, even though you have no actually HTTPS set up. It *will* bite you in the butt somehow if you don't actually run HTTPS and work with it. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
