Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m working on a small website for a local church. The site needs to allow administrators to edit content and post new events/updates. The only “secure” information managed by the site will be the admins’ login info and a church directory with phone numbers and addresses.
How at risk would I be if I were to go without SSL and just have the users login using straight HTTP? Normally I wouldn’t even consider this, but it’s a small church and they need to save money wherever possible.
Well, if you don’t use SSL, you will always be at a higher risk for someone trying to sniff your passwords. You probably just need to evaluate the risk factor of your site.
Also remember that even having SSL does not guarentee that your data is safe. It is really all in how you code it to make sure you provide the extra protection to your site.
I would suggest using a one way password encryption algorythm and validate that way.
Also, you can get SSL certificates really cheap, I have used Geotrust before and got a certification for 250.00. I am sure there are those out there that are cheaper.