9 Replies Latest reply on Apr 29, 2013 4:37 PM by Nancy OShea

    HTTPS + VPN

    Geobop Level 1

      I just tried out a virtual private network (VPN) for the first time. After reading a little about VPN's and HTTPS, I'm intrigued. They both sound like very attractive options for this era when privacy is an endangered species.

       

      I just wondered how web designers approach this issue. I began publicly warning my visitors about Microsoft - especially IE - long before it was fashionable. And I was right. Today, there are several better browsers to choose from, and Apple is bigger than M$, while Bing will never catch up with Google.

       

      So what kind of trend do you see regarding HTTPS and VPN's? Are these technologies that are going to eventually become the norm, or at least very common, or will they probably always be on the fringe?

       

      How does one make a website HTTPS-compatible, and do you think it would be a good idea? My understanding is that it doesn't really work unless EVERY WEB PAGE on the site is HTTPS. If you go from a HTTPS page to a HTTP page, you're even more vulnerable to spying or attacks, if I understand correctly.

       

      It also sounds like HTTPS pages can take a little longer to load.

       

      So my hunch is that HTTPS might not be worth playing with unless you can offer a website in two flavors - HTTP and HTTPS.

       

      So let's say I have a website - www.mysite.com - with 100 pages. Is there a way to modify that site so that visitors can 1) choose between surfing it in HTTP or HTTPS mode, and 2) make EVERY page HTTPS-compatible for those who choose the latter?

       

      If I embrace this technology, then I'd like to educate my visitors and promote HTTPS and/or VPN at the same time. I'm experimenting with a VPN right now, and it seems to work OK, though I still have a lot to learn about it.

       

      Between the CIA and Microsoft, I suppose there's no way to be 100% secure, but I would think either surfing in HTTPS mode or using a VPN would help, and the two of them combined ought to be even better.

       

      Any thoughts?

       

      Thanks.

        • 1. Re: HTTPS + VPN
          Nancy OShea Adobe Community Professional & MVP

          HTTPS is encrypted and much slower than HTTP.  It also costs more.  I don't see much necessity for it unless you're collecting, storing or transmitting sensitive data such as credit cards, medical records, banking transactions, etc...  There would be very little point in using this level of encryption on pages that don't require it. 

           

           

           

          Nancy O.

          1 person found this helpful
          • 2. Re: HTTPS + VPN
            Geobop Level 1

            That's good to know. I didn't realize it was "much slower," nor did I realize it costs more. Do hosts charge more for HTTPS service, or does it just cost more because it increases bandwidth usage?

             

            I noticed that the Electronic Frontier Foundation is promoting HTTPS - https://www.eff.org/about (Ironically, they're About HTTPS page isn't displaying correctly.) Also, Firefox has a HTTPS addon. But I don't want to jump on the bandwagon until I have a better understanding of the technology.

             

            I'm thinking of trying HTTPS on one of my political sites, but it sounds like it might not be a good choice on my regular, general audience sites.

             

            Can anyone tell me how to convert a website to HTTPS in the first place? Thanks.

            • 3. Re: HTTPS + VPN
              mhollis55 Level 4

              Simple:

               

              Buy a Security Certificate for your server.

              Pick which pages will be secure

              Place those in your secure directory.

               

              For example, when I make an online store, the payment area will be secure and will live in a secure folder. I'll tell my hosting provider to apply the security certificate for that website to that particular folder. All data into and out of that folder will be encrypted.

               

              Now, I can also make the entire website secure. But as Nancy says, that is slower, due to the encryption. It also takes up a certain amount of additional processor cycles. So, I use the folder approach.

               

              As soon as someone calls the secure page on the website, a lock symbol will appear somewhere on the browser that is on that website and the http: calls will go through the security certificate and be https:

               

              Virtual Private Networks are another matter entirely and are useful in exchanging data to and from a remote computer system from your local system. In many cases, there is no web browser required.

              1 person found this helpful
              • 4. Re: HTTPS + VPN
                John Waller Adobe Community Professional & MVP

                Some useful discussion of pros/cons of HTTPS at the bottom of this blog entry:

                http://www.groovypost.com/howto/install-ssl-certificate-https-website-security/

                1 person found this helpful
                • 5. Re: HTTPS + VPN
                  Geobop Level 1

                  OK, that fills in a big piece to the puzzle. I checked GoDaddy and see that you can get security certificates for $6 a year. I'd kind of like to try it with one of my smaller websites.

                   

                  But it sounds like your web pages have to be HTTP or HTTPS - you can't give visitors a choice of surfing in either mode, right?

                   

                  Also, I can see how this might cause problems with search engines. If the pages of one my sites are indexed in Google, and I change all the URL's to https, then Google is going to send people to the wrong pages.

                   

                  Thanks.

                  • 6. Re: HTTPS + VPN
                    Geobop Level 1

                    Thanks; that is a good article.

                    • 7. Re: HTTPS + VPN
                      mhollis55 Level 4

                      Don't go with GoDaddy.

                       

                      Don't.

                       

                      Seriously.

                      • 8. Re: HTTPS + VPN
                        Geobop Level 1

                        Bad service? I bought all my domain names from GoDaddy (and pay them my annual dues). I haven't had any bad experiences so far, but I always feel a little nervous about a big corporation effectively controlling all my websites.

                        • 9. Re: HTTPS + VPN
                          Nancy OShea Adobe Community Professional & MVP

                          I don't have much love for GoDaddy's shared hosting plans because they lump you in with about a hundred other sites -- all with the same IP address which is dead wrong. 

                           

                          If you're using HTTPS for a shopping cart site, as an example, see Lawrence's comments in this other thread.

                          http://forums.adobe.com/message/5277264

                           

                           

                           

                          Nancy O.