undefined | Better HN

0 pointsshkkmo4y ago0 comments

I started doing professional web development in 2011. It was very clear at the time that not using HTTPS for any site with a login was an BAD practice that made your users less secure. There were clearly people and institution still using bad practices, but risks were clear to most web developers.

What was shifting at the time was developer views on using HTTPS for non-secure, unauthenticated portions of websites. This is where the "HTTPS Everywhere" plugin and other such movements came in.

0 comments

pooper4y ago

From what I remember there was a lot of pushback from infrastructure as we thought using https for the whole website would increase CPU load. Never verified if this was true... but I'm sure someone here should know.

shkkmoOP4y ago

Re 2011

Push back on what? There was pushback against HTTPS for non-authenticated pages for various reasons.

That does not mean that HTTPS for authenticated pages was not considered a standard and necessary security measure.

j / k navigate · click thread line to collapse