Another thing to consider is the change in speed, although I don't understand the technical side of these things, I am aware of a few instances where the https version is signicantly slower than the http version - to the point where it has been unusable. I don't know if that is just down to the way that they did it, or whether this is an unavoidable consequence of https. Dave Foord A6 Training and Consultancy Ltd Mobile: 07922115678 Tel/Fax: 01509 556950 web: www.A6training.co.uk Skype:dave.foord A6 Training and Consultancy LTD is a registered Company 6025999 (registered in England and Wales). Registered Office: 8 Cartland Drive, Loughborough, Leicestershire, LE11 5YD -----Original Message----- From: Virtual Learning Environments [mailto:[log in to unmask]] On Behalf Of Adam Marshall Sent: 18 May 2009 12:24 To: [log in to unmask] Subject: [VLES] is your VLE's URL http or https ? We're not sure whether to run our VLE as http or https. If we use https then obviously all content is encrypted and we can use secure cookies meaning the likelihood of man-in-the-middle attacks or session stealing are very low indeed. However, there is a huge drawback in that if somebody embeds a You Tube video, or flickr photo-stream or the like (which can only be accessed by http) then MS Internet Explorer throws up scary looking warnings about the page containing 'secure and non-secure items' causing some users to panic and others to think that the VLE is somehow at fault. Using http means that such messages don't appear but that session stealing or man-in-the-middle attacks are a lot more likely. We could allow both http and https but this doesn't stop session stealing or man-in-the-middle attacks at all. Basically it's a no-win situation unless you ban people from using Internet Explorer which would be an admirable stance but which would never happen in practice! What approach have other institutions taken? Adam -- Adam Marshall: OUCS, 13, Banbury Rd. Oxford OX2 6NN. The upcoming new WebLearn service: http://beta.weblearn.ox.ac.uk Shameless plug: http://www.myspace.com/wheresthebeachmusic Cheese of the month: Double Gloucester - shouldnt be overlooked! ***************** List information: ***************** Remember - replies go by default to the entire list. Access the list via the web on http://www.jiscmail.ac.uk/lists/vle.html To unsubscribe, email [log in to unmask] with the message: leave vle ***************** List information: ***************** Remember - replies go by default to the entire list. Access the list via the web on http://www.jiscmail.ac.uk/lists/vle.html To unsubscribe, email [log in to unmask] with the message: leave vle