I don't think SSL is always necessary. It depends on the content. However, it is pretty common that many people use the same username and password for many different systems.
For example, I may log in to my bank's web site using "michael" and "password". The bank's web site is secure so I no worry. Then, I sign up for your church's web site and use the same username and password combination. Now, if someone sniffs that unsecured connection, they now have my bank username and password. So, although it's not necessary, in all cases, you are helping to protect information, indirectly. Certificates are pretty inexpensive considering the cost of the loss of trust from users. M!ke -----Original Message----- From: Rick Faircloth [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 23, 2008 7:45 PM To: CF-Talk Subject: OT: SSL Necessary? Important? Hi, all. Pardon a quick OT question (or two). I have a client (church) that wants to have a directory that is accessible to the membership, but not the general public. Access will be controlled by password/username login. But the church is also asking about an encrypted connection using an SSL certificate. Is the SSL encryption overkill for something like this? Or would it be advisable? How big a security risk is there for personal info like this? Is it easy to hack without SSL? Thanks for any feedback. Rick ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297297 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
