Jump to content
The Uniform Server Community

Every website should use SSL to secure user information. Why SSL?


thesslstore.com
 Share

Recommended Posts

There are approximately 193,000,000 registered domains and new registrations are growing at a rapid pace. Every day thousands of new websites are launched, and most of these domains are to support these sites. The majority of websites have a section where users can log in and perform certain tasks such as check their email, update their personal information, or purchase products and services.

 

To log in, users enter their user name and password in a box and click the submit button. What they may not realize is that both of these sensitive pieces of data are now being transmitted from the user’s PC to the web server, unencrypted, if there’s no SSL installed. What happens if someone is monitoring the data traffic and hijacks their information? Bingo! They have access to their account. Keeping their account data secure is probably one of their biggest concerns and yet they’ve just revealed their ‘secret’ login information to complete strangers. Plus—it doesn’t stop there—since most people use the same user name and password for other accounts, including their bank accounts.

 

Unfortunately, most companies aren’t taking this seriously enough because, in their mind, they’re not storing data. Sort of a mute point if they’re enabling access to everyone’s private information.

 

Every website—without exception—should have an SSL certificate installed and users should only be allowed to log in using the HTTPS mode. Today you can get an SSL certificate for less than $20 per month, and what it ultimately saves companies and their customers is priceless. As consumers get more and more security savvy, they’ll only do business with companies that care enough to take these simple and affordable steps to protect their data.

Keeping my private information secure is very important to me. I personally will not log in to a website that’s not protected with an SSL certificate. How do I know if it has an SSL certificate? I look for the padlock symbol in the upper-right browser bar. If displayed, the padlock gives me peace of mind that my information is being encrypted during transmission. It’s a simple and inexpensive thing but, to me, that little symbol is a big deal.

Here are some examples:

CHROME:

Padlock1.jpg

INTERNET EXPLORER

PadlockIE.jpg

SSL certificate

WildCard SSL Certificate | GeoTrust WildCard | SSL certificate is available now on @ TheSSLstore.com

Link to comment
Share on other sites

Your information is actually quite good. Even though you might be a bot and advertising for SSL.

 

misc-cookie.gif

 

For everyone who stumble upon it, click image.

 

Anyway, I am not using SSL. But I think Uniform Server have it by default?

I am representing the open tibia community otland.net
otland.net is contributing open source server software to an 2d mmorpg game called Tibia.

Here are some Uniform server tutorials/guide contributions from me:
VIDEO TUTORIAL: I teach newbreeds to install and operate uniform server: (Updated for Coral 8.x)
http://youtu.be/AsyxPhDTOcI

Uniform Server newbie guide:
Securely installing Uniform Server for total newbeginners:
http://otland.net/f479/nothing-fully-worki...-0-3-6-a-77593/
(also contains how to get our open source tibia game, and connect it successfully to the uniform mysql server).

How to add a website for our open source tibia game which includes highscore, create account and so on: (On uniform server)
http://otland.net/f479/website-installing-...m-server-91951/

Link to comment
Share on other sites

That's true, BUT...

The hassle with SSL is really because of the certificate. UniformServer lets you create and sign your own certificate, but true SSL requires that the cert be issued by a known root authority, like Verisign. This involves $$, and on an ongoing basis.

So while we all can agree on the desirability of using SSL for all connections, only people who have a net income from their site (or a requirement for validation) will be willing to fork over to the Cert Authority.

Without a valid cert, people who connect will get a warning about your site's certificate.

Link to comment
Share on other sites

  • 1 month later...

Sure, commercial sites pay to have public CA signed certs so people can trust, but for local sites it is possible to have a centralized CA than per site self-signed plan, which makes it easier to deploy in limited community ...

 

That's true, BUT...

The hassle with SSL is really because of the certificate. UniformServer lets you create and sign your own certificate, but true SSL requires that the cert be issued by a known root authority, like Verisign. This involves $$, and on an ongoing basis.

So while we all can agree on the desirability of using SSL for all connections, only people who have a net income from their site (or a requirement for validation) will be willing to fork over to the Cert Authority.

Without a valid cert, people who connect will get a warning about your site's certificate.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...