How important is SSL?
traceelements - October 18, 2009 - 06:33
I was wondering how important it is to use ssl on the login and admin pages? I'm sorry if this is a dumb question. I've searched for the answer and can't find it. I found the secure pages module, but I don't want to go to all this trouble if it's not necessary.
=-=
Some reasons one may want to use SSL.
you have an online store or accept online orders and credit cards
your business partners log in to confidential information on an extranet
you have offices that share confidential information over an intranet
you process sensitive data such as address, birth date, license, or ID numbers
you need to comply with privacy and security requirements
you value privacy and expect others to trust you
Ditto
And supposedly identifies who you are. Depending on the level of security your credentials are verified.
For a Drupal site that
For a Drupal site that doesn't handle secure information, is SSL necessary? For instance, how likely is it that someone could steal the admin's password when they're logging in without SSL?
Fairly likely
It's actually not as difficult as you might imagine. You don't have to be very knowledgeable to eavesdrop on computer communications. And if you're sending everything in clear text then the eavesdropper has your login data.
That said; the default drupal install will take care of routine security for you (such as logging in). You would mainly use an additional security module if you wanted additional security.
Thank you
Thank you all for your replies. CAZephyr, thanks for taking the time to clarify that for me.
Ditto also
If the difference between authorized users and anonymous users is important to you then you should have some basic security to prevent impersonating. If you don't care about it then just make everything available to anonymous users and use (secure) login only for the administrator.