Hello, Since this is my first post (been reading here for a very long time) I will begin by telling everyone about myself. I've been hosting large business class websites for many years. Recently (beginning of the year) I decided to open a web hosting business for personal sites and small business owners, with more focus to small business owners. I have over 9 years linux experience and over 5 years experience in the hosting biz. With this new business I'm starting with fresh ideas, fresh blood (staff) and fresh cash. One of the main niches of the business will be to provide customers with supprt they need, I'm not talking about a hype of 24/7 support, I'm talking about. You need help, you call. You won't get someone in india you will get an engineer with billing, server access, Engineer knowledge. Of course our prices are much higher than others.

On to my question.

The website is a work in progress and before going live with it I was wondering what was best as to have the whole site protected via ssl or just the order portion of the site. The main thing i'm worried about with it being all ssl is search spiders won't index it. However I like the idea of being all encrypted.

Thanks

I see no reason to use SSL on the entire site. It would take additional system resources to do this I believe.

I'd vote to just SSL the order section.

I'd tend to agree. Indexing concerns aside, SSL will add overhead to the processing ofpage requests unless you go the somewhat expensive route of adding a crypto co-processor card to the server.

Thanks. Also, I would like to point out that the ssl dir and regular dirs are separated. I'm using php and created an index page which pulls in the rest of the pages via include(); Its going to be a little more work to pull in the ssl page from a non ssl page from a separate dir. This is another reason I'm trying to justify whether to have whole or part ssl.

Thanks

In general you do not need or want to SSL encrypt your public, non-sensitive web pages because, as other have said, it adds overhead and there are really no valid reasons.

It sounds like you're trying to justify it because it makes sense based on your architecture choice of splitting the SSL site from the main website and having to include across sites. I would recommend you revisit your architecture choice rather than consider going SSL across the board.

sirtwist, That makes perfect sense. Thank you everyone for your feedback.. Seems that I have work to do.

You can include files from external directories with PHP without violating SSL. PHP is ran server-side so the files are accessed before the client knows. Though you would have to basically have a second copy of all your images so that they could be served via ssl.