I’m developping a web site for a broker (JSF 2 + richfaces + oracle 10g), and i wanted to have your opinion concerning HTTPS (because i think it’s not necessary in my case, since the user won’t give any important details).
So:
- to enter the web site, the user has to authenticate himself (using JAAS)
- there’s a page showing Stock Market data (it’s financial data, so it’s not that important)
- the user can buy/sell stocks : he gives quantity, price, the account ( not bank account) for which he will buy/sell
- the user can see his accounts, what stocks he has, past operations, etc….
Is it necessary to use SSL in my case ?
Yes, it sure sounds like it. Authentication usually involves sending a username/password combination to the server. That should never be done in clear text, so that requirement alone would make SSL a good idea. Furthermore, buying and selling stocks sounds like something that you would want to do in a secure manner.
I don’t even understand what your concern is. Having an SSL protected website does not mean that you have to write a single line of code. It’s just a question of buying an ssl certificate and configuring your web server.