Why Everyone Needs HTTPS
Posted: Sat, 6 August 2011 | permalink | 1 Comment
“Everyone” knows that if you have people logging into your site, you should at least be considering providing pervasive HTTPS for your site, so your users don’t get pwned by Firesheep. Of course, some people don’t worry about their users getting impersonated, but… yeah.
But even if you’re just a brochureware site, it’s time you get the HTTPS religion. Because if you don’t, you leave your users open to ISPs like this, who want to modify the HTML you send to include their own ads and notifications, or this bunch who thought it might be a good idea to redirect users’ searches to their own revenue generating services.
When you’re forking out for the extra expense of HTTPSifying your site (it’s not huge, but it’s not likely to be free), thank all those people who have decided that their need to extract additional profit from the people who already pay them money for Internet service outweighs their responsibilities to provide the service they’ve been contracted to provide.
From: Daniel Black
Once you’ve got the the effort of HTTPSifying your site you can add HSTS to remove the click-through options in the browser, enforce HTTPS only connections and to confirm your pledge to the HTTPS religion :-).
Post a comment
All comments are held for moderation; markdown formatting accepted.