

Ask HN: Should tiered-priced apps charge a premium for SSL support? - andrewingram

With the recent widespread attention of session hijacking thanks to Firesheep, I'm hopeful that more developers are going to think seriously about ways to prevent it. With SSL being an obvious solution, I'm wondering if it's reasonable for services like typekit to only offer SSL serving to their top-paying customers.&#60;p&#62;(I don't mean to pick on typekit, but they're the only example I could find at the time)&#60;p&#62;Given the ease of making sites with some kind of login functionality these days, it seems that being able to use SSL should no longer be seen as a premium service.
======
vgurgov
I believe that having your users protected is not a premium feature, but
responsibility of any respectable service. If SSL required for that - it
should be offered for free.

~~~
andrewingram
With typekit the issue is slightly different in that no session data is
leaked, but having a non-SSL resource (ie a typekit font) on an SSL page will
throw up warnings in some browsers.

