[BNM] SSL Certificates
Ali
ali at nubz.com
Tue Mar 3 15:01:31 GMT 2009
Hi David,
If no financial or commercially sensitive data is at risk is it worth it?
youTube, twitter, flickr, facebook all do regular http login and subsequent
session pages with no ssl in sight
be good to hear opinions on this.
Ali
-----Original Message-----
From: bnmlist-bounces at brightonnewmedia.org
[mailto:bnmlist-bounces at brightonnewmedia.org] On Behalf Of David Pashley
Sent: 03 March 2009 14:42
To: Brighton New Media
Subject: Re: [BNM] SSL Certificates
On Mar 03, 2009 at 14:23, Ali praised the llamas by saying:
> I generally do not use SSL for most things I work on but a new client is
> requesting SSL for all pages on their authenticated sessions.
>
>
>
> So whilst looking at the options I found an SSL certificate from
> godaddy.com[1] at just under £10 – can anyone tell my why I should pay
> Thawte or Verisign a couple of hundred pounds for the same thing?
>
Make sure the certificate is signed by a trusted root for every browser
you care about.
>
>
> And also, does anyone have opinions on whether or not it should be
> considered good practice to use SSL on authenticated sessions that do not
> involve any financial transactions or commercially sensitive information –
> i.e. mainly to protect the user account data?
>
Anything involving passwords should be over SSL.
--
David Pashley
david at davidpashley.com
Nihil curo de ista tua stulta superstitione.
--
BNM Subscribe/Unsubscribe:
http://www.brightonnewmedia.org/options/bnmlist
BNM powered by Wessex Networks:
http://www.wessexnetworks.com
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.237 / Virus Database: 270.11.6/1980 - Release Date: 03/03/09
07:25:00
More information about the BNMlist
mailing list. Powered by Wessex Networks