Thanks. I guess I might need to benchmark during a high period and see.
The website generally doesn't get a lot of hits, and we don't serve very large files. It's mostly text. But we might see more traffic on the last week of school.
Metzler, David wrote:
It depends on many factors. The primary performance concern is encrypt/decrypt of the data and its impact on cpu. Image files, large pdf documents, etc when encrypted can cause CPU performance impact. If your browsers cache much of this content it's not a huge load, but of course you need to think about how many concurrent hits you're likely to get on your site.
Also understand that this means that the clients need to decrypt the data. So again if you're sending say a big .wav file to grandmas 6 year old computer that is loaded with AV software and that old clunker has to decrypt the content and then scan it for viruses, well grandma may decide not to watch that movie after all.
I guess what I'm saying is that if you're doing regular text, with small numbers of images and you don't expect an insane amount of hits, and you're not shared hosting, and you're server is reasonably current as far as CPU is concerned, you probably aren't going to notice too much.
But if your target audience has old clunkers, or you are planning on putting up heavy content, or you aren't blessed with an abundance of CPU, then it's probably worth your while to set up securepages, and make sure your site can respond to https and http. Frankly that last step I'd do anyway so you can advertise example.com without users having to remember to type https.
Either way you can pretty much look at CPU load to determine whether this is an issue for you.
Good luck,
Dave
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Daniel Carrera Sent: Thursday, October 23, 2008 1:48 AM To: support@drupal.org Subject: Re: [support] Drupal on HTTPS
Thanks.
You mention performance issues. How bad is it? I spent several hours Googling and I found two papers. One that claims that the delay due to HTTPS is minimal and another that claims that the delay is significant. :-(
Metzler, David wrote:
Naw we do this (Aside from the obvious performance issues about decripting data for large numbers of hits). There's a securepages module out there to force redirects on certain pages if your interested in making sur ethat just the login informatioin or user information happens over https.
http://drupal.org/project/securepages
Dave
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Daniel Carrera Sent: Wednesday, October 22, 2008 1:07 PM To: support@drupal.org Subject: [support] Drupal on HTTPS
Hello,
Is there any harm in serving Drupal over HTTPS instead of HTTP?
I want the Drupal login to be on HTTPS because I just don't like sending passwords in plain text. But with Apache it is no more work to
make the entire site run on HTTPS versus just one page. In fact, it
seems easier.
So, I was wondering, is there any good reason not to serve a Drupal site over HTTPS? It seems a bit odd, but I figure, if I already have an SSL certificate, I figure, what's the harm?
Thanks. Daniel -- [ Drupal support list | http://lists.drupal.org/ ]
-- [ Drupal support list | http://lists.drupal.org/ ]