June 28th, 2001, 01:23 PM
Your question and suggestion are both interesting. I have no idea where the threat may be; I don't know anything about hacking, i.e. I don't really know what snooping means or consists of or anything like that. All I know is that I am programming a site for our client which will have information that is private to the client organization, so should only be accessible to members.
June 28th, 2001, 04:27 PM
i feel that security is a big issue (hence an SSL enabled server) but at the same time, paranoia will make send me to the funny farm trying to get some basic stuff to be completely secure.
my view point was simply what would the implications be of someone viewing (snooping) the data i am sending and receiving from the server. credit card details & personal information are secured either via SSL (for web) or SSH for command line access. when i am making updates to the product descriptions or anything else that is public knowledge anyway i simply use the "alternative" port method.
so, for members only access i guess it depends on what the members are accessing and who they are. talk it through with your client and ask them to rate the sensitivity of the data being accessed (i like the -5 to +5 scale, makes people react a little differently than 1-10 ) if it's 1 or more, go for SSL otherwise i would council against SSL simply for a less complex solution with lower costs (ongoing & support) and an easier httpd config.
hope that helps - robert.