I have a site... let's call it mysite.com. On this site, there's the sign up section which I think should be the secure part of this site.
a) Should I enable ssl on the entire site, or just the sign up part (e.g. signup.mysite.com) b) What are the pros and cons of enabling it for the whole site?
Forcing entire site to use SSL will eat your bandwidth since all content is encrypted, including images. Please check apache ssl faq for more info
The pro is increased security and privacy for all pages on your site, and the down-side is lower performance because of the need to encrypt/decrypt traffic at both ends of the connection.
For some high-profile public sites such as GMail, which used SSL for sign-in only, there has been mounting pressure to make all pages use SSL.
I would say, try it and see if the performance is a problem. If not, well and good; otherwise you can always fall back to SSL for sign-in only.
It depends on what your site serves. If the data it serves is sensitive, then providing a full SSL encrypted connection is a bonus.
But, as others have mentioned you will eat your bandwidth. SSL encrypted data, be it images, HTML pages or other information is not (supposed to be) cached on the client, so every time the user restarts the browser the files are downloaded again.
I would agree with Vinay, provide signon/signup over SSL and then fall back to normal HTTP, then see.
The other approach may be to provide all your static content over HTTP while all the sensitive content over HTTPS (e.g. if you use systems like ExtJS then the pages are static files and the data is all retrieved via AJAX).
Of course, if you're serving sensitive information (e.g. banking information) where the data itself is always sensitive then go full SSL and eat the costs.
Using entirely SSL will not necessarily increase your bandwidth bills. Encryption does not make the data bigger. Be sure you enable Deflate compression aswell.
Where SSL might increase your bandwidth bill is some browsers (firefox) do not cache pages retrieved over SSL to disc. This means the next time a user visits your site after quitting thier browser, they will download every single bit of content again.
If you opt to ensure user privacy, make sure that any cookies your site sends out have the 'send over SSL only' flag set otherwise users can be tricked into giving out that cookie in clear with some very simple phishing.
SSL also means paying for a certificate signed by a meaningful CA, which in some cases will cost more than your brandwidth.