Heroku seems great, but most non-trivial applications require authentication, and conventional authentication schemes require an SSL connection, and it’s impossible to get https://your_app_name.com (you can only get https://your_app_name.heroku.com).
So if you’re using Heroku, is it that:
- You don’t mind directing users to
another domain (seems pretty
bad) - You don’t mind foregoing
SSL for authentication (seems really
bad) - Your app doesn’t require authentication
This is now a moot point. According to the documentation (http://docs.heroku.com/ssl, see http://addons.heroku.com/ for pricing), Heroku now allows custom domains to have SSL through their SSL Endpoint addon.
https://devcenter.heroku.com/articles/ssl-endpoint
Heroku also just announced support for SNI. This will allow them to attach SSL to any domain hosted on Heroku’s service. It is still in beta but should get pushed to every one soon. Heroku continues to improve their security offerings.