From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Richard Carde Sent: Tuesday, 12 April 2011 2:46 PM To: ozDotNet Subject: Re: adding ssl to asp.net website
On Sun, Apr 10, 2011 at 12:55 PM, Anthony <asale...@tpg.com.au<mailto:asale...@tpg.com.au>> wrote: Thanks David...i have installed ssl cert etc....most ecommerce system only use ssl for login and checkout..so was looking for technique to do this... I don't understand the rationale for falling back to non-https mode. IMO, it's bad practice and increases risk to the user - see OWASP Top Ten 2010<https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project> risks A3, A6 and A9. * Usually requires dedicated IPv4 address - of which we have a shortage * Has resource overhead in setting up and maintaining a connection - there are solutions to this, but they all cost money Cheers Ken