Will is trying to make fun of u (yes again) but the way I look at it at least you have more than 1 client, he can't say that :)
You can use ssl on there with no big deal. If you aren't encrypting your passwords then sure it could be a big deal if someone gets ahold of their username and password and it happens to also unlock.. say their bank account which the people find. generally a good sla 256 hashing is good but if they ask you for ssl then give then ssl to cover your arse. >Hi, all. > >Pardon a quick OT question (or two). I have a client (church) that wants >to have a directory that is accessible to the membership, but not the >general public. Access will be controlled by password/username login. > >But the church is also asking about an encrypted connection using an SSL >certificate. > >Is the SSL encryption overkill for something like this? Or would it be >advisable? How big a security risk is there for personal info like this? >Is it easy to hack without SSL? > >Thanks for any feedback. > >Rick ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297245 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
