Geek Answers Handbook

Does https need a good idea to create all of my methods?

I use asp.net web api and I use basic auth to authorize my users. I need HTTPS for all calls requiring authorization, but for all calls for which I do not require authorization (for example, to register), should I just make them in https, as well as for consistency? Is there something like a performance improvement, etc. that can occur if I do not use https for these calls.

+4
source share
3 answers

The overhead for HTTPS is currently trivial for most systems (see How much overhead does SSL impose? ). I am a fan of HTTPS everywhere, as it is more protected from cross-cutting tasks and costs almost nothing to implement, but your mileage may vary. If this bothers you the performance impact you might have, implement it, and then profile your application and see what the difference is.

+3
source

Http provides great performance because encryption in https increases the size of the request and response, and additional processing is required for encryption and decryption. Today, machines are very fast to handle https overhead without any noticeable performance degradation. security is more important than a small increase in performance , if you need to transfer a username / register, this may be a security violation.

+2
source

Based on your tags, I'm going to suggest that AJAX probably works here. If this is true, you will be much better off sticking to a single access scheme. Otherwise, there will be compatibility issues between browsers and potentially pose security vulnerabilities.

If you are not doing something like transferring large media files / streams, then a modest performance boost is probably not even worth considering.

Note: potential vulnerabilities go beyond the obvious case when you send sensitive data over an insecure connection. see https://developer.mozilla.org/en-US/docs/Security/MixedContent , for example.

+1
source

More articles:


All Articles