[Dshield] Banks Shifting Logins to Non-SSL Pages

Stephane Grobety security at admin.fulgan.com
Wed Aug 24 12:00:19 GMT 2005


ET> Well as far as Https being intensive on processing power, there are
ET> hardware based, asic based devices specifically meant to offload SSL
ET> encryption schemes from overwhelmed servers.

It still makes it more expensive to serve a web page over SSL. There
are other issues: with HTTP, you can easy share the load over several
servers. With HTTPS, however, you're creating a very strong affinity
between the client and the server that answered.


Good luck,
Stephane



More information about the list mailing list