I'm controlling an internet application that dynamically flicks between http and https with respect to the page. I wish to be rid a lot of extra code accustomed to switch between http and https but I wish to understand any implications before I continue.
Can there be any benefit to serving a part of a website using http over https?
Obviously there's some performance drop when utilizing https, but it's not significant unless of course you possess an very busy server. See
HTTP isn't a secure protocol and anybody can intercept the sent data in cleartext (e.g. session snacks, passwords, charge card amounts, sexual fetishes). If you're able to, you need to provide consistent HTTPS service throughout.
Nevertheless, by the appearance of the general publicOrpersonal key security, you are able to just use HTTPS on the server in which you have total and sole treatments for the Ip, because the client first looks in the Ip, then demands the secure protocol, and just then helps make the HTTP query. This means that you can't deploy HTTPS on virtual hosts (hosting that is shared).
(Since you have an incomplete HTTPS solution, I imagine that's no problem for you personally, though.)
Another downside would be that the secure handshake and then file encryption require computing assets, to ensure that for those who have bazillions of connections, you might feel a significant hit in your server performance. That's that you should consider, though.
Short form: For those who have a devoted Ip and enough computing assets, always and solely use HTTPS.
Using http is faster than https clearly since you don't have the ssl handshake overhead throughout connection establishment or even the extra file encryption/decryption delay.
Should you just have parts of the how do people be secure e.g. just secure the login qualifications, then it seems sensible to achieve the code for that redirection to ensure that the interaction after that's faster because of plain-text http.
If you will find many regions of your website that should be secure, then you may make dimensions using https completely if the performance is considerably affected.
If you notice no significant performance issues (or even the performance is acceptable), then you may simplify your software design and take away the redirection logic between http<->https and employ https everywhere.