[ale] SSL Homepage

[Hogg, Russell E]

 


Hi All,
  I have a question and need a couple of ideas.  I work on a Government run website that tracks user benefits/pay/travel blah blah and so on.  The homepage is currently setup to require SSL.  This is causing all sorts of problems as the SSL requirement on that DOC is slowing it down significantly.

There are login and pasword prompts on the page.  I firmly believe that since the post uses HTTPS that there is no need to make the actual homepage load via SSL.

This is where the question comes in.  I'm right aren't I?  Why would the homepage load need to be secure?  The site takes millions of hits a day, if I could convince them that it's safe to pull the SSL requirement, we'd see a serious jump in response and load time at least for the initial page and perhaps even across the site. 

This is where I need ideas.  A little bit of googling for evidence or examples of this case got me no where.  Perhaps I just couldn't figure out the right words to search on.  Any body think of a good way for me to prove either by action or example that we are safe to pull the SSL requirement on the homepage?

Thanks


Russ



  



 
 
_ ___________________________________ _
Russell Hogg
ctcrreho at opm.gov
 
 




-------------------------------
--  Even though this E-Mail has been scanned and found clean of  
--  known viruses, OPM can not guarantee this message is virus free.
-------------------------------
--  This message was automatically generated.
-------------------------------do