SitePoint Sponsor

User Tag List

Page 3 of 3 FirstFirst 123
Results 51 to 59 of 59
  1. #51
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Arkh View Post
    It should....
    When then would you like to pay for it? Provide funding for every login form to have SSL?
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  2. #52
    SitePoint Enthusiast
    Join Date
    Sep 2008
    Posts
    68
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by logic_earth View Post
    When then would you like to pay for it? Provide funding for every login form to have SSL?
    You pay for some server already ? Then adding some more for SSL instead of more CPU power / disk space / bandwidth may be an idea.
    Or better, use openID or some other login service.

  3. #53
    We're from teh basements.
    Join Date
    Apr 2007
    Posts
    1,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Arkh View Post
    It should. You already admitted that at least some of your users use the same password for other things, then you should help protect it.
    We're not responsible for saving the user from their own stupidity or carelessness. Not yet, anyway. But give Dear Leader time to introduce Appropriate Legislation....

  4. #54
    SitePoint Enthusiast
    Join Date
    Sep 2008
    Posts
    68
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by World Wide Weird View Post
    We're not responsible for saving the user from their own stupidity or carelessness. Not yet, anyway. But give Dear Leader time to introduce Appropriate Legislation....
    *Checks= forum section name* Web security. I'm sorry, but working on security mean you have to work around the user stupidity. That's more work from the developper to help the user not having to do any effort, isn't all info things done just for that ? Helping the user not have to work to achieve something.
    Not being being held responsible for something by higher autorities does not mean your clients will like to know their passwords leaked from your hacked database.

  5. #55
    Web Host fcolor's Avatar
    Join Date
    Feb 2003
    Location
    South Bend, IN
    Posts
    507
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, the only thing to add is that anyone shall have SSl certificate installed on their website when transmits sensitive information - credit cards, personal data, etc.
    HostColor.com
    Colocation | Dedicated Servers | VPS Hosting
    Web hosting provider since 2000

  6. #56
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If information is not confidential and the only reason for SSL/TLS is to protect authentication process, you could use OpenID or other hosted authentication service (that you trust of course), or implement SRP.

    Anyhow, there should be a good reason not to use SSL/TLS, because not only does it provide secrecy of transfered data, but data integrity as well - meaning that it assures that no one has changed anything on the page (which is very important for all authentication methods that rely on client side JavaScript).

  7. #57
    SitePoint Zealot Spartinman's Avatar
    Join Date
    Nov 2009
    Location
    Florida USA
    Posts
    197
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by fcolor View Post
    Well, the only thing to add is that anyone shall have SSl certificate installed on their website when transmits sensitive information - credit cards, personal data, etc.
    really? what about when you store that information on your server? Not trasmit but just store it.

  8. #58
    SitePoint Enthusiast
    Join Date
    May 2005
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Where SSL is useful is in protecting the passwords from sniffers. Anytime they use Public WiFi/Hotspots, an unencrypted password could be stolen. If the data on the site isn't that critical, then don't worry too much; if it is important, then you should be using SSL.

    SSL is an interesting illusion: many people assume a site is "secure" when it has SSL, when in fact all SSL protects you from is password sniffing. A database of unencrypted passwords could be far more devastating, and is actually a bigger (but invisible) development mistake.

  9. #59
    SitePoint Member
    Join Date
    Jan 2010
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks For Share..


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •