> Is the SSL encryption overkill for something like this? Or
> would it be advisable? How big a security risk is there for
> personal info like this?

The security risk is probably acceptable for your client, even if they don't know that. However, it's so cheap to use SSL that you might as well do that instead.

> Is it easy to hack without SSL?

SSL/TLS prevents third parties from being able to read traffic between the two endpoints of an encrypted conversation - the browser and the server. It doesn't prevent the client from hacking anything, and that may be a more serious concern.

It is very easy to read plaintext data if you're on the same network segment as an unencrypted conversation. If you go down to your local coffee shop and use the free wifi, you can easily read data from other users who aren't using SSL/TLS or tunnelling all their traffic through a VPN or SSH connection. For example, I give you the wall of sheep:

http://blog.makezine.com/archive/2005/07/_defcon_the_wal.html

But, to see this data, you have to be on the same network segment, which limits the scope of any surveillance quite a bit.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:297382

