Comments on: Encrypting Only the Login Page http://monduke.com/2006/12/19/encrypting-only-the-login-page/ Covering J2EE Security and WebLogic Topics Tue, 13 Apr 2010 01:53:49 -0600 http://wordpress.org/?v=2.9.2 hourly 1 By: Mike Fleming http://monduke.com/2006/12/19/encrypting-only-the-login-page/comment-page-1/#comment-13971 Mike Fleming Wed, 14 Jan 2009 02:34:38 +0000 http://monduke.com/?p=38#comment-13971 Nicolas, Thanks for the comment. With regard to GMail, if you navigate to https://www.gmail.com it will stay in https. Perhaps the other two you mentioned will, too, although I have seen sites that won't. I think the high bandwidth sites have more to "lose" given their high data volumes. You're right, there's no reason to encrypt Flickr pics but I assume Google wants to save the processing overhead due to resource utilization. They just happen to allow the privacy nuts like us to use SSL if we explicitly ask for it. Then again, maybe a privacy nut shouldn't be using a Google property in the first place! ;-) Nicolas,

Thanks for the comment.

With regard to GMail, if you navigate to https://www.gmail.com it will stay in https. Perhaps the other two you mentioned will, too, although I have seen sites that won’t.

I think the high bandwidth sites have more to “lose” given their high data volumes. You’re right, there’s no reason to encrypt Flickr pics but I assume Google wants to save the processing overhead due to resource utilization. They just happen to allow the privacy nuts like us to use SSL if we explicitly ask for it. Then again, maybe a privacy nut shouldn’t be using a Google property in the first place! ;-)

]]> By: Nicolas http://monduke.com/2006/12/19/encrypting-only-the-login-page/comment-page-1/#comment-13970 Nicolas Tue, 13 Jan 2009 14:23:55 +0000 http://monduke.com/?p=38#comment-13970 Hi Mike, great article here (again !) Direct impact of what you show : as gmail / flickr / facebook fall into those categories of websites who encrypt only the username/pass, i'd never use them from a hotspot...Simple? Second thought, if all those sites use this crippled strategy, there must be a very good reason in terms of performance... For flickr, it's pretty clear, if you start encrypting pics, you're dead, but gmail??? Cheers Hi Mike,
great article here (again !)
Direct impact of what you show :
as gmail / flickr / facebook fall into those categories of websites who encrypt only the username/pass, i’d never use them from a hotspot…Simple?

Second thought, if all those sites use this crippled strategy, there must be a very good reason in terms of performance…
For flickr, it’s pretty clear, if you start encrypting pics, you’re dead, but gmail???

Cheers

]]>