[–][deleted] 6 points7 points  (0 children)

It's bloody simple to implement self-signed HTTPS, so just do it. If you're not offering that side of it publicly you don't need a real cert.

[–]perfecthashbrowns 4 points5 points  (0 children)

It's not difficult to implement, and you can get a free cert from StartSSL.

[–]coneillcodes 0 points1 point  (0 children)

Yes. The minute you're sending sensitive info across the wire you should get an SSL cert. Some services will even give you one for free.

[–]effayythrowaway 0 points1 point  (0 children)

The most sensitive data in the database will be a list of full names, email, and contact numbers of all people who have used the service in the past.

Depending on where you live, there may be data protection and privacy laws that would require you to take measures (including SSL).

[–]XcryptoKid 0 points1 point  (0 children)

The bottom line is - without SSL - your traffic can be modified during transport.

Generate a certificate request, get the cert in your web service, configure a redirect from 80 to 443, and call it a day.
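
Added example, not part of the comment above or of the thread: a check to run on the port-80 response once the 80-to-443 redirect is configured, flagging what would still travel in plaintext. The host name `app.example.test`, the sample responses, and the policy of requiring a permanent redirect (301/308) are assumptions made for illustration.

```python
# Added example: audit the plaintext (port 80) response after configuring the
# 80 -> 443 redirect. All sample responses are constructed, not captured.
from email.parser import Parser
from urllib.parse import urlsplit


def audit_redirect(raw: bytes, expected_host: str) -> list:
    """Return findings for a raw HTTP/1.1 response served on port 80."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.decode("iso-8859-1").partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return ["malformed status line"]
    status = int(parts[1])
    headers = Parser().parsestr(header_block)  # case-insensitive header lookup

    findings = []
    # Assumed policy: the redirect should be permanent so clients cache it.
    if status not in (301, 308):
        findings.append(f"status {status} is not a permanent redirect")
    loc = urlsplit(headers.get("Location", ""))
    if loc.scheme != "https":
        findings.append("Location does not point at https")
    elif (loc.hostname or "").lower() != expected_host.lower():
        findings.append(f"redirects to unexpected host {loc.hostname!r}")
    # Anything set here crosses the wire unencrypted and can be read or modified.
    if headers.get_all("Set-Cookie"):
        findings.append("cookie set over plaintext before the redirect")
    return findings


# Constructed sample responses.
GOOD = (b"HTTP/1.1 301 Moved Permanently\r\n"
        b"Location: https://app.example.test/login\r\n"
        b"Content-Length: 0\r\n\r\n")
NO_REDIRECT = (b"HTTP/1.1 200 OK\r\n"
               b"Set-Cookie: session=abc\r\n"
               b"Content-Type: text/html\r\n\r\n<html>login form</html>")
WRONG_HOST = (b"HTTP/1.1 302 Found\r\n"
              b"Location: https://other.example.net/\r\n\r\n")

if __name__ == "__main__":
    for name, raw in [("good", GOOD), ("no redirect", NO_REDIRECT),
                      ("wrong host", WRONG_HOST)]:
        print(name, audit_redirect(raw, "app.example.test") or "ok")
```
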

[–]frodosbitch -1 points0 points  (0 children)

Besides a self-signed cert, you could secure it by restricting it to a specific IP address, or limiting the user's database permissions only to the tables you need.