May 20th, 2003, 02:21 PM
Some questions regarding SSL and client to server data transfer
I have a few general questions regarding the security of data transferred from the client to the server of a web site.
What I've read:
I've been reading about SSL, session IDs and encryption. I was reading how anyone running a sniffer can sniff your network data, and if the data is not encrypted it can be used. And how, when linking to a site, they can catch session IDs in their referrer logs and use this to gather usernames and passwords and other important data.
My site does not have anything where credit cards, addresses or other more important data is being submitted, but I am making a discussion forum where currently I'm working on the sign-in part of it. So usernames and passwords would be submitted via form POST data, and once it gets to my server I encrypt it using DES encryption.
My questions are:
1) For my particular case, where only site passwords and usernames are sensitive data, can I get away without using SSL?
2) I've been reading about self-signed SSL certificates, and OpenSSL and freeSSL. Are these SSL alternatives just as secure as SSL itself, and do you recommend it?
3) If network data can be easily sniffed, what would be the purpose of me encrypting the data server side, since it was already sent unencrypted, other than some script kiddie with local access to my files?
4) Can you recommend other ways I can secure my data, and possibly suggest another SSL alternative?