Conrad Irwin <conrad.irwin <at> gmail.com> writes:
There is no real massive load caused by https at
runtime. There is however
a significant chink of developer and sysadmin time needed to implement this
and make it work.
Secure login in itself shouldn't require reconfiguration of the SSL
architecture, though. The login form could simply redirect to a page on the
secure server, and use the image cookie method already in use for global logins.
That would take care of password stealing without requiring extensive
configuration or development efforts, and cookie stealing in itself is not that
much of an issue: only admin sessions are worth stealing, and the chances of an
attacker happening to be next to an admin on open wifi are very small. (Sure, it
would be better to provide a decent https interface and require them to use it,
because script injection is not a good thing, but apparently it won't happen
anytime soon, and we shouldn't hold back on implementing secure login because of
that.)