Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Hey just a quick question for any experts out there. I have a site that lets users interact through messages and to sign up you just make a username and password, verify your age, and optionally, add an email. There isn’t really any sensitive information I suppose. Is it worth using https. Will it prevent session hi jacking and will it hinder performance?
Anytime you use a username/password you should absolutely secure the entire session with HTTPS. The cost to you is fairly minor compared to the potential cost to your users if their passwords are exposed. Research consistently shows that people use the same password for nearly every system they access.
Additionally, beyond the risk of password exposure, consider that your site is a communications tool. What’s the potential risk or harm to your users of being impersonated? Of having malicious messages sent under their identity?
It’s just not worth the risk. Secure the transport at the very least.