




*Checks forum section name* Web security. I'm sorry, but working on security means you have to work around user stupidity. That's more work for the developer to help the user not have to make any effort; isn't all info things done just for that? Helping the user not have to work to achieve something.
Not being held responsible for something by higher authorities does not mean your clients will like to know their passwords leaked from your hacked database.
Well, the only thing to add is that anyone shall have an SSL certificate installed on their website when it transmits sensitive information - credit cards, personal data, etc.




If information is not confidential and the only reason for SSL/TLS is to protect the authentication process, you could use OpenID or another hosted authentication service (that you trust, of course), or implement SRP.
Anyhow, there should be a good reason not to use SSL/TLS, because not only does it provide secrecy of transferred data, but data integrity as well - meaning that it assures that no one has changed anything on the page (which is very important for all authentication methods that rely on client-side JavaScript).

Where SSL is useful is in protecting the passwords from sniffers. Anytime they use Public WiFi/Hotspots, an unencrypted password could be stolen. If the data on the site isn't that critical, then don't worry too much; if it is important, then you should be using SSL.
SSL is an interesting illusion: many people assume a site is "secure" when it has SSL, when in fact all SSL protects you from is password sniffing. A database of unencrypted passwords could be far more devastating, and is actually a bigger (but invisible) development mistake.
Thanks for sharing.