My website is an information-only website and all the information on it is available to all those who visit the website. There is no sensitive data and no user sessions/logins.
The content on my http site is available over both http and https. All the pages on my site are http pages. We have to load the content on the http site from https. We have been asked to do a force redirect to https for all the http requests. I have the below queries:
1. Is it OK to have content on https and the site on http? Are there any issues with this approach? Is it recommended?
2. Considering that the user sees only the 'http' url, the user still thinks he's on an unsafe site. That doesn't help?
3. Is doing a force redirect for all the http urls to https the right approach for this?
4. The main concern raised for having the content on https was that the traffic between content administrator and EPIserver CMS was not secure. Considering that there is no sensitive data, is this a valid argument? Are there any other security concerns (e.g. an attacker being able to change the content)?
5. Related to the query above, is it fine just to have the login page to the CMS over https?
6. Are there any other things I need to be aware of?
Any guidance on the above queries would be really helpful.