web application – Is mixing HTTP with HTTPS a problem?

Question:

On my site I'm using normal HTTP links , but where it contains transaction data, like in forms, for example, I use HTTPS which is a shared SSL certificate provided by my hosting server.

I don't intend to keep it that way, I'll have bought an certificado SSL soon, but for now the site is mixed with HTTP and HTTPS only on some pages.

Is it wrong to mix the two on a website this way?

Answer:

Generally speaking, it's not a problem. Of course you have to do it right. I find that some people are not sure which pages should be encrypted, and end up encrypting what is not secret and sending decrypted data. There is a problem.

There is also some difficulty if a safe page loads unsafe elements, but that doesn't seem to be the case, this includes iframes so beware if the insecure page is inside an iframe contained in a safe page.

Of course there may be a specific problem in a scenario depending on what you're doing, but it's more for the scenario, it's not normal.

Since your plan is to encrypt everything later, it's okay to start that way. Future versions of browsers may start to indicate issues, but it doesn't happen now. Even this won't make navigation difficult, there will only be an indication that you are on an unsafe page. There is a solution for everything. It will only be a problem the day they force everything to be encrypted, which I doubt will happen. Still, the problem won't be mixing secure and unsafe pages.

Scroll to Top