Thursday, July 1, 2010

Managing the balance between SSL and impact on the server

I have an extranet for staff and known partners. It has absolutely no
public content. I've installed SSL so it should be secure, but I also
heard that SSL can have a big impact on the server.

While login and password changes need to be secure, the content itself
is not particularly sensitive. But actions and views will be user
specific, therefore users will need to be logged in at all times.

Given the above, I was wondering if it is necessary to use SSL at all
times or if it is possible to use it only for login? Presumably if I
dropped out of SSL after login, the cookies would still be vulnerable
to hijacking. My gut feel is that I have to use SSL all the time and
just accept the hit on the server, but I wondered if there were any
Django tools (CSRF protection) or best practices anyone has on managing
the balance of SSL and the impact on the server.

- Are they passing logins and passwords? Yes, then SSL.
- Is the content sensitive (like bank details or commercial stuff) ?
If yes then SSL.
- Are the content and actions user specific? If yes then SSL.

ALJ

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
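The hijacking concern raised in the message above can be made concrete. The following is an added example, not code from the original post or from Django: it models a browser cookie jar that honours the cookie `Secure` attribute and a passive observer on the network path who can read cleartext HTTP but not HTTPS. The hostname `extranet.example`, the URLs and the session id `abc123` are constructed for the demonstration. In Django the `Secure` attribute on the session cookie is controlled by the `SESSION_COOKIE_SECURE` setting; the `session_cookie_secure` flag below stands in for that setting.

```python
"""Model of what a passive network observer sees when a site drops from
HTTPS back to plain HTTP after login.

Added example, not code from the original post. Hostnames, URLs and the
session id are constructed sample data.
"""
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


class BrowserCookieJar:
    """Minimal browser-side jar that honours only the Secure attribute.

    Real browsers also match Domain/Path/expiry; those are omitted because
    the point here is the scheme check (RFC 6265 section 5.4: a cookie
    with Secure is only sent on a "secure" channel, i.e. https).
    """

    def __init__(self):
        self.cookies = {}  # name -> (value, secure_flag)

    def store(self, set_cookie_header):
        c = SimpleCookie()
        c.load(set_cookie_header)
        for name, morsel in c.items():
            self.cookies[name] = (morsel.value, bool(morsel["secure"]))

    def cookie_header_for(self, url):
        scheme = urlsplit(url).scheme
        sent = [
            f"{name}={value}"
            for name, (value, secure) in self.cookies.items()
            if scheme == "https" or not secure
        ]
        return "; ".join(sent)


def observe_on_wire(url, cookie_header):
    """A passive attacker sees request headers only on cleartext http.

    Returns the Cookie header as captured, or None when the request went
    over https and the attacker sees nothing.
    """
    if urlsplit(url).scheme == "https":
        return None
    return cookie_header


def simulate(session_cookie_secure):
    """Log in over https, then browse a mixed http/https site.

    session_cookie_secure plays the role of Django's SESSION_COOKIE_SECURE
    (assumption: it is the only thing deciding the Secure attribute).
    Returns a list of (url, cookie_header_sent, cookie_header_captured).
    """
    jar = BrowserCookieJar()
    attrs = "; Secure" if session_cookie_secure else ""
    # Login response over https sets the session cookie.
    jar.store(f"sessionid=abc123; Path=/; HttpOnly{attrs}")

    visits = [
        "https://extranet.example/login/",            # login, always SSL
        "http://extranet.example/reports/",           # "non-sensitive" page
        "https://extranet.example/account/password/",  # password change
    ]
    observed = []
    for url in visits:
        sent = jar.cookie_header_for(url)
        captured = observe_on_wire(url, sent)
        observed.append((url, sent, captured))
    return observed


def leaked_session_ids(observed):
    """Session ids a passive attacker could replay, from simulate() output."""
    leaked = set()
    for _url, _sent, captured in observed:
        if captured:
            c = SimpleCookie()
            c.load(captured)
            if "sessionid" in c:
                leaked.add(c["sessionid"].value)
    return leaked


if __name__ == "__main__":
    for flag in (False, True):
        print(f"SESSION_COOKIE_SECURE={flag}")
        for url, sent, captured in simulate(flag):
            print(f"  {url:45} sent={sent!r:25} attacker_saw={captured!r}")
        print("  leaked:", leaked_session_ids(simulate(flag)))
```

With the flag off, the browser attaches `sessionid` to the plain-http request for `/reports/` and the attacker captures it, which is exactly the hijack the message worries about. With the flag on, the browser withholds the cookie from every http request, so the session survives only on https pages: the "SSL for login only" scheme then either leaks the session (flag off) or logs the user out on every http page (flag on). That is why the answer to "are the content and actions user specific?" leads to SSL throughout.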
