> I think just use a flippin' ssl server and be done with it.
> rarely go back.
Many people do this, I hope that the OP realizes this.
> You can use SSL for the login and only the login - I know that it means
> either using a self signed cert or paying big bucks, for anything with
> e-commerce you want to pay big bucks for a cert, there is no other option.
> For anything not e-commerce, using a self signed cert seems a lot more
> secure to me than having the browser grab some salt off your server, use
Have you seen the fit Firefox 3 makes for self-signed certs? So far as
the end user is concerned, the site is inaccesible.