Hey list - This is an opinion question. A friend of mine recently launched a website that is a partner website to a large cruise industry. The website is about job opportunities and they have an online application form that you can fill out. I was rather startled to see that there was no SSL on the form which asked for everything from employment history to address to references and address. When my friend wrote his design company this is what they replied:
<snip> Let me first assure you that our data most definitely IS secured and it would definitely NOT be easy for someone to gain access to the data. Whew! That said, here's the story... What your friend is referring to is called an SSL certificate. What this type of security does is encrypt the information as it is sent between the browser and the web server. This protects that data for the few seconds it takes to be transferred to the server but once it's on the server, the SSL certificate is no longer involved and the data is secured by other means. In general the risk of having the data compromised during this brief time to transmit a single transaction is far less that the risk of a security breech to the database itself. This is why we have concentrated our efforts on securing the database and have (to this point) chosen not to install a SSL certificate. In reality, single biggest security threat to the Staffing Center are the user accounts and passwords that are set up for each client. It would be far easier for a potential hacker to break in to the system by guessing a user password than by any other means. This is why long and complicated passwords are always the best choice! However, let me also point out that we have discussed setting up the SSL stuff just for the extra measure of precaution and the satisfaction that our users get when they see the little lock icon in their browser. We will probably be setting up SSL on the Staffing Center at some point down the road. </snip> Seeing that this is not just a small website but associated with a large cruise/travel company does anyone else feel like this company is being a little negligent? Or am I just being old school about this.. Heather Laidlaw Internet Manager Seattle Repertory Theatre [EMAIL PROTECTED] (206) 443-2210 x1044 www.seattlerep.org ____ � The WDVL Discussion List from WDVL.COM � ____ To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] Send Your Posts To: [EMAIL PROTECTED] To change subscription settings to the wdvltalk digest version: http://wdvl.internet.com/WDVL/Forum/#sub ________________ http://www.wdvl.com _______________________ You are currently subscribed to wdvltalk as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED]
