New Posts  All Forums:Forum Nav:

SSL Certs.

post #1 of 3
Thread Starter 
I was curios to know the guys that use them on eCommerce sites, do you ever add a SSL to your login screens?? I know some do, but what are the pros and cons for adding one to my user login.
Edited by graphicsman - 1/5/12 at 12:22pm
OverKill
(18 items)
 
  
CPUMotherboardGraphicsGraphics
AMD Phenom II X6 1055T Gigabyte 890FXA ATI FirePro V3800 ATI FirePro V3800 
RAMHard DriveHard DriveOptical Drive
16gb GSkill 10666 Seagate Western Digital  LG Blue Ray 
CoolingOSMonitorMonitor
stock air 7 Pro 64 bit (2)22" Acer x223w (2)23" Acer G235H 
KeyboardPowerCaseMouse
Microsoft Wireless Antec 900watt Antec 300 Wacom Tablet 
Audio
Logitech Speakers and sub 
  hide details  
Reply
OverKill
(18 items)
 
  
CPUMotherboardGraphicsGraphics
AMD Phenom II X6 1055T Gigabyte 890FXA ATI FirePro V3800 ATI FirePro V3800 
RAMHard DriveHard DriveOptical Drive
16gb GSkill 10666 Seagate Western Digital  LG Blue Ray 
CoolingOSMonitorMonitor
stock air 7 Pro 64 bit (2)22" Acer x223w (2)23" Acer G235H 
KeyboardPowerCaseMouse
Microsoft Wireless Antec 900watt Antec 300 Wacom Tablet 
Audio
Logitech Speakers and sub 
  hide details  
Reply
post #2 of 3
Quote:
Originally Posted by graphicsman View Post

I was curios to know the guys that use them on eCommerce sites, do you ever add a SSL to your login screens?? I know some do, but what are the pros and cons for adding one to my user login.

For eCommerce then I'd say it is essential to have SSL on your log in screens else you're sending plain text login details to the server (which is a very bad idea when money is involved).

Plus, even if you do devise a clever way to dynamically have unique per-session encryption that can still be deciphered at the server end, you are still making it very easy for session hijacking over wifi.
Edited by Plan9 - 1/5/12 at 2:42pm
post #3 of 3
For eCommerce you need a SSL Certificate, and PCI-DSS certification if you are going to be storing credit card data.

PROS: Content is encrypted and cannot be read by any third partys. Phishing protection if using a organization validated or extended valid cert.

CONS: Overhead, and resources required to encrypt content. This is why I only purchase intel dedicated servers with the AES-NI instructions. It will slow your site down especially if you are on a shared hosting environment.

here is my login https://ulatan.org/
Edited by ULAWE - 1/5/12 at 3:41pm
Dreamweaver
(13 items)
 
  
CPUMotherboardGraphicsRAM
4.01GHz AMD 1090T X6 Black Edition Asus Crosshair Formula IV AM3 x2 XFX & SAPH ATI 5970 Crossfired 4x4GB 16GB Sector 5 Patriot Ram DDR3 Xtreme Memory 
Hard DriveOSMonitorKeyboard
OCZ 250GB Vertex II SSD/80GB Intel SSD Win 7 64 Ultimate x3 VW266H 26" HD LCD Logitech G15 
PowerCaseMouse
Cooler Master Silent PRO-m 1000W Cosmos 1000 Logitech G5000 
  hide details  
Reply
Dreamweaver
(13 items)
 
  
CPUMotherboardGraphicsRAM
4.01GHz AMD 1090T X6 Black Edition Asus Crosshair Formula IV AM3 x2 XFX & SAPH ATI 5970 Crossfired 4x4GB 16GB Sector 5 Patriot Ram DDR3 Xtreme Memory 
Hard DriveOSMonitorKeyboard
OCZ 250GB Vertex II SSD/80GB Intel SSD Win 7 64 Ultimate x3 VW266H 26" HD LCD Logitech G15 
PowerCaseMouse
Cooler Master Silent PRO-m 1000W Cosmos 1000 Logitech G5000 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Web Coding