07-02-2011, 05:59 PM
Yeah, HTTPS seems to be becoming more commonplace for non-sensitive information. We simply don't have any sensitive data on our servers, and the passwords are MD5 hashed and salted, so the only realistic way to gain access to Bring4th would be to sniff network packets. And that's assuming a hacker is lucky enough to hit someone using a standard WEP key instead of WPA, whereby they can hack the Wi-Fi connection to even begin eavesdropping on packets.
So we all weighed this out in 2008 and decided that there's no real value in making the entire site secure.
Long story short, we'll probably look into using a site-wide cert for the next Bring4th version, with a separate cert for the store, since L/L likes the idea of using store.bring4th.org, meaning one cert can't cover two different domain names.
These are all good opinions, and you all are helping me to validate a lot of what is on deck for the upcoming development.
Thanks for all the input!
Steve