Quote:
Originally Posted by MrWooster
Everyone who says https is too resource intensive, thats not quite true. Yes, https is more resource intensive than http, and yes, 5 years ago, it was a huge overhead, but now days, https adds a minimum overhead.
There is no reason for https not to be turned on, and not implementing it is a HUGE security floor imo.
We already know they've been struggling with inadequate capacity (I think I read that somewhere). Dunno where the bottleneck is, however. If they're struggling with the front-end side of it facing the browsers, adding HTTPS may make the situation worse. On the other hand, if they're having backend DB issues, say, they may have gobs of capacity and won't notice the SSL overhead.
But if they hired a super-high-end security firm to come in and make sure everything was safe and secure, you'd kinda think "ENABLE HTTPS!!!" woulda been pretty high on said company's list of recommendations.