Is SSL necessary in this scenario?

Status
Not open for further replies.

LTeeple

Programmer
Aug 21, 2002
362
CA
Hi all, just a quick question. I browsed through the search for website security, but didn't have my specific question addressed, so here goes:

On a website, there is a basic form, requesting username, home address, phone number, etc. (no passwords or credit cards)

This form submits to a database.

Should I have this form protected with ssl?

( as opposed to (
Thanks for your time.

[cheers]
Cheers!
Laura
 
if only it were as easy as changing http to https...

I'd say no. the only time you would use ssl is if you're collecting information that can be damaging to the person entering the information. besides, my guess is you're not protecting the stored data in any special way (encryption or otherwise) so not much point i don't think.

Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand. - Putt's Law
 
Well, the data *could* be encrypted prior to writing to the database. The forms *could* appear on a secure page.

In the past, I've only used secure pages for administrators to *view* the data that users have entered in the forms in question, or for pages that require restricted access.

It would seem to me that the non-techie end-user might think that they are unduly exposing themselves by entering in their name, address and phone number on a web page that doesn't start with https:// . Is this true? Would they be more 'protected'?

What do you mean if it were as easy as changing http:// to https:// ?

Thanks again,

[cheers]
Cheers!
Laura
 
you can't just change the address from http to https. you have to buy a cert and set it up. a real pain in the tush.



Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand. - Putt's Law
 
there are plenty of password sites out there that don't use https. look at tt for example. and let's take it one step further... look at your profile then view source. find the form your info is in and notice your password in the text box... so much for using *** to protect the value...

i wouldn't worry about it in your case.

Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand. - Putt's Law
 
SimulatedFun

Thank you for your responses.

My server indeed has valid certificates, SSL is fully set up.

So in this case, it would be as simple as https://

[cheers]
Cheers!
Laura
 
ah. didn't know. but i still don't think it's necessary, but if you have easy access, it's not going to hurt anything either.

Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand. - Putt's Law
 
Laura...

Since HTTPS is already provided by your hosting company, there is no harm in putting your form and the database on the HTTPS "side" of your site. It's not costing you anything as far as performance or overhead AND it just might be what it takes to ease the minds of those who think that the world is out to get them.

There's always a better way. The fun is trying to find it!
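
An added example, not code from any poster in this thread: a small audit that checks a page's HTML for the two conditions discussed above, a form whose submission would travel over plain HTTP, and a password field whose value is written into the page source. The URLs, field names and sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class FormAudit(HTMLParser):
    """Collects findings about the forms on a single page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A relative or missing action inherits the scheme of the page itself.
            target = urljoin(self.page_url, a.get("action") or "")
            if urlparse(target).scheme != "https":
                self.findings.append(("cleartext-submit", target))
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            # type=password only masks the display; a value attribute
            # is still readable by anyone who views the page source.
            if a.get("value"):
                self.findings.append(("prefilled-password", a.get("name") or ""))


def audit(page_url, html):
    """Return a list of (finding, detail) tuples for one page."""
    parser = FormAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample pages (hypothetical URLs and field names).
SIGNUP = '<form action="/save" method="post"><input name="phone"></form>'
DOWNGRADE = '<form action="http://www.example.com/save"><input name="phone"></form>'
PROFILE = ('<form action="https://www.example.com/profile" method="post">'
           '<input type="password" name="pw" value="constructed-secret"></form>')

if __name__ == "__main__":
    print(audit("http://www.example.com/signup", SIGNUP))      # served over http
    print(audit("https://www.example.com/signup", SIGNUP))     # same form over https
    print(audit("https://www.example.com/signup", DOWNGRADE))  # https page, http action
    print(audit("https://www.example.com/profile", PROFILE))
```

The same form markup is flagged or clean depending only on the scheme it is served and submitted under, which is the "http vs https" choice the thread is about.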
 