Hey, just a quick question for any experts out there. I have a site that lets users interact through messages, and to sign up you just make a username and password, verify your age, and optionally add an email. There isn't really any sensitive information, I suppose. Is it worth using HTTPS? Will it prevent session hijacking, and will it hinder performance?
SSL / HTTPS is recommended for all websites on the internet. However, it is absolutely required for all websites that collect user information like login details, payment information, credit cards, and more.
The answer is, it depends. If you are just browsing the web, looking at cat memes and dreaming about that $200 cable knit sweater, HTTP is fine. However, if you're logging into your bank or entering credit card information in a payment page, it's imperative that the URL is HTTPS. Otherwise, your sensitive data is at risk.
You should always protect all of your websites with HTTPS, even if they don't handle sensitive communications.
Anytime you use a username/password you should absolutely secure the entire session with HTTPS. The cost to you is fairly minor compared to the potential cost to your users if their passwords are exposed. Research consistently shows that people use the same password for nearly every system they access.
Additionally, beyond the risk of password exposure, consider that your site is a communications tool. What's the potential risk or harm to your users of being impersonated? Of having malicious messages sent under their identity?
It's just not worth the risk. Secure the transport at the very least.
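The advice above to secure the entire session, as an added example that is not part of the original posts: a small Python check that flags a session cookie which could still travel over plain HTTP after an HTTPS login. The header samples and the cookie name `sid` are constructed, and the `Secure`, `HttpOnly` and `Strict-Transport-Security` checks are standard HTTP features assumed here, not something the thread names.

```python
# Added example: audit response headers for whole-session HTTPS protection.
# All sample data is constructed; "sid" is a hypothetical session cookie name.

def parse_headers(raw):
    """Return (lowercase_name, value) pairs from a raw header block."""
    pairs = []
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def cookie_attrs(set_cookie_value):
    """Split a Set-Cookie value into (cookie_name, {lowercase attribute names})."""
    first, *rest = set_cookie_value.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in rest if p.strip()}
    return name, attrs

def audit(scheme, raw_headers):
    """Return findings for one response that was served over `scheme`."""
    findings = []
    headers = parse_headers(raw_headers)
    if scheme != "https":
        findings.append("response served over plain HTTP")
    elif not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("no Strict-Transport-Security header")
    for n, v in headers:
        if n != "set-cookie":
            continue
        cookie, attrs = cookie_attrs(v)
        if "secure" not in attrs:  # browser would also send it over http://
            findings.append(f"cookie {cookie!r} lacks Secure")
        if "httponly" not in attrs:  # page scripts could read it
            findings.append(f"cookie {cookie!r} lacks HttpOnly")
    return findings

# Constructed: login over HTTPS, but the cookie is not pinned to HTTPS.
WEAK = "Content-Type: text/html\nSet-Cookie: sid=constructed123; Path=/\n"
# Constructed: cookie and site both pinned to HTTPS.
HARDENED = (
    "Content-Type: text/html\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\n"
    "Set-Cookie: sid=constructed123; Path=/; Secure; HttpOnly; SameSite=Lax\n"
)

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit("https", sample))
```
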