Would it be beneficial to use SSL on a CMS backend? The only sensitive data I can think of is the password. The password, as it is now, is encrypted with MCRYPT_RIJNDAEL_256 and a key.
Any comments are appreciated 🙂
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Would it be beneficial to use SSL on a CMS backend? The only sensitive data I can think of is the password. The password, as it is now, is encrypted with MCRYPT_RIJNDAEL_256 and a key.
Any comments are appreciated 🙂
Yes you absolutely should. While you use a good encryption, unless you’re adding a SALT to the password, it is likely easily looked up in a pre-computed hash table (rainbow table) and you can probably find it online within a matter of seconds.
CMS is something you definitely want to be secure about since it potentially gives someone complete access to the content of your website to maliciously alter as they wish, or possibly exploit from there to gain access to the server or disable your login.
Https doesn’t really add any overhead, but it’s very simple to add. I’d recommend it, even though it’s not going to provide perfect security, some is better than none!