Thanks.
You mention performance issues. How bad is it? I spent several hours Googling and I found two papers. One that claims that the delay due to HTTPS is minimal and another that claims that the delay is significant. :-(
Metzler, David wrote:
Naw we do this (Aside from the obvious performance issues about decripting data for large numbers of hits). There's a securepages module out there to force redirects on certain pages if your interested in making sur ethat just the login informatioin or user information happens over https.
http://drupal.org/project/securepages
Dave
-----Original Message----- From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Daniel Carrera Sent: Wednesday, October 22, 2008 1:07 PM To: support@drupal.org Subject: [support] Drupal on HTTPS
Hello,
Is there any harm in serving Drupal over HTTPS instead of HTTP?
I want the Drupal login to be on HTTPS because I just don't like sending passwords in plain text. But with Apache it is no more work to make the entire site run on HTTPS versus just one page. In fact, it seems easier.
So, I was wondering, is there any good reason not to serve a Drupal site over HTTPS? It seems a bit odd, but I figure, if I already have an SSL certificate, I figure, what's the harm?
Thanks. Daniel -- [ Drupal support list | http://lists.drupal.org/ ]