Jump to content


Photo

Every website should use SSL to secure user information. Why SSL?


  • Please log in to reply
3 replies to this topic

#1 thesslstore.com

thesslstore.com

    Newbie

  • Member
  • Pip
  • 1 posts
  • Location:St. Petersburg, FL
  • Interests:SSL Certificates: VeriSign, GeoTrust, Thawte, RapidSSL, eCommerce, Network Security, eCommerce Business Security,
  • Main OS: Windows Vista

Posted 12 October 2010 - 05:30 AM

There are approximately 193,000,000 registered domains and new registrations are growing at a rapid pace. Every day thousands of new websites are launched, and most of these domains are to support these sites. The majority of websites have a section where users can log in and perform certain tasks such as check their email, update their personal information, or purchase products and services.

To log in, users enter their user name and password in a box and click the submit button. What they may not realize is that both of these sensitive pieces of data are now being transmitted from the user’s PC to the web server, unencrypted, if there’s no SSL installed. What happens if someone is monitoring the data traffic and hijacks their information? Bingo! They have access to their account. Keeping their account data secure is probably one of their biggest concerns and yet they’ve just revealed their ‘secret’ login information to complete strangers. Plus—it doesn’t stop there—since most people use the same user name and password for other accounts, including their bank accounts.

Unfortunately, most companies aren’t taking this seriously enough because, in their mind, they’re not storing data. Sort of a mute point if they’re enabling access to everyone’s private information.

Every website—without exception—should have an SSL certificate installed and users should only be allowed to log in using the HTTPS mode. Today you can get an SSL certificate for less than $20 per month, and what it ultimately saves companies and their customers is priceless. As consumers get more and more security savvy, they’ll only do business with companies that care enough to take these simple and affordable steps to protect their data.
Keeping my private information secure is very important to me. I personally will not log in to a website that’s not protected with an SSL certificate. How do I know if it has an SSL certificate? I look for the padlock symbol in the upper-right browser bar. If displayed, the padlock gives me peace of mind that my information is being encrypted during transmission. It’s a simple and inexpensive thing but, to me, that little symbol is a big deal.
Here are some examples:
CHROME:
Posted Image
INTERNET EXPLORER
Posted Image
SSL certificate
WildCard SSL Certificate | GeoTrust WildCard | SSL certificate is available now on @ TheSSLstore.com

#2 Znote

Znote

    Junior Member

  • Member
  • Pip
  • 37 posts
  • Gender:Male
  • Main OS: Windows 7

Posted 14 October 2010 - 03:40 AM

Your information is actually quite good. Even though you might be a bot and advertising for SSL.

Posted Image

For everyone who stumble upon it, click image.

Anyway, I am not using SSL. But I think Uniform Server have it by default?

I am representing the open tibia community otland.net
otland.net is contributing open source server software to an 2d mmorpg game called Tibia.

Here are some Uniform server tutorials/guide contributions from me:
VIDEO TUTORIAL: I teach newbreeds to install and operate uniform server: (Updated for Coral 8.x)
http://youtu.be/AsyxPhDTOcI

Uniform Server newbie guide:
Securely installing Uniform Server for total newbeginners:
http://otland.net/f4...-0-3-6-a-77593/
(also contains how to get our open source tibia game, and connect it successfully to the uniform mysql server).

How to add a website for our open source tibia game which includes highscore, create account and so on: (On uniform server)
http://otland.net/f4...m-server-91951/


#3 BobS

BobS

    Project Helper

  • Super Moderator
  • PipPipPip
  • 334 posts
  • Location:Santiago Chile
  • Interests:Retiring, computer systems, system design, model railroads....
  • Wiki ID: BobS
  • Main OS: Windows 7

Posted 19 October 2010 - 03:14 PM

That's true, BUT...
The hassle with SSL is really because of the certificate. UniformServer lets you create and sign your own certificate, but true SSL requires that the cert be issued by a known root authority, like Verisign. This involves $$, and on an ongoing basis.
So while we all can agree on the desirability of using SSL for all connections, only people who have a net income from their site (or a requirement for validation) will be willing to fork over to the Cert Authority.
Without a valid cert, people who connect will get a warning about your site's certificate.

#4 Shyokou Ouyou

Shyokou Ouyou

    Member

  • Member
  • PipPip
  • 72 posts
  • Main OS: Windows XP

Posted 06 December 2010 - 11:20 PM


Sure, commercial sites pay to have public CA signed certs so people can trust, but for local sites it is possible to have a centralized CA than per site self-signed plan, which makes it easier to deploy in limited community ...


That's true, BUT...
The hassle with SSL is really because of the certificate. UniformServer lets you create and sign your own certificate, but true SSL requires that the cert be issued by a known root authority, like Verisign. This involves $$, and on an ongoing basis.
So while we all can agree on the desirability of using SSL for all connections, only people who have a net income from their site (or a requirement for validation) will be willing to fork over to the Cert Authority.
Without a valid cert, people who connect will get a warning about your site's certificate.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users