|
Home > Archive > IIS Server Security > February 2005 > Beginners SSL web server query
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Beginners SSL web server query
|
|
|
| Hi,
We have a small web site which comprises of a login screen, then some
member screens.
I need the member screens to be secure, but the initial screen to be
unsecure.
Is the norm to use a single web server serving both secure and
unsecure pages, or should I use one server which is secure, and
another server which is unsecure.
If a single server is used, do people tend to have a secure folder and
an unsecure folder, or do people secure at individual file level?
Which methods are normally used by large financial type sites?
Many thanks,
Mart
| |
| David Wang [Msft] 2005-02-28, 8:50 pm |
| The "norm" really depends on your requirements.
I think you will be fine with a single web server handling both HTTP and SSL
requests. As soon as you start worrying about hosting parameters, such as
reliability, uptime, security, etc -- and you do not plan to acquire the
technical expertise to address them yourself -- you should consider a
hosting company with an agreement that you are comfortable with.
In general, I suggest you only encrypt the necessary content using SSL. SSL
is expensive on the CPU and do not expect blazing performance/caching. For
example, the graphics on a page do not need to be encrypted over SSL if it
doesn't contain any sensitive information. You can also configure IIS to
enforce SSL on a per-page level (as well as redundant code in your page to
check for encryption). So, lots of choices -- depends on what you want to
do.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Mart" <mvinfotech@NOSPAM.btinternet.com> wrote in message
news:d0h621dchtb9qv5ldqpf7605ve2aiqa06q@
4ax.com...
Hi,
We have a small web site which comprises of a login screen, then some
member screens.
I need the member screens to be secure, but the initial screen to be
unsecure.
Is the norm to use a single web server serving both secure and
unsecure pages, or should I use one server which is secure, and
another server which is unsecure.
If a single server is used, do people tend to have a secure folder and
an unsecure folder, or do people secure at individual file level?
Which methods are normally used by large financial type sites?
Many thanks,
Mart
|
|
|
|
|