On 2/3/06, Cyril Plisko <cyril.plisko at gmail.com> wrote: > On 2/3/06, Dennis Clarke <blastwave at gmail.com> wrote: > > > On 2/2/06, Dennis Clarke <blastwave at gmail.com> wrote: > > > > > > > > First thing I'd like to do is get a real SSL site cert for security. > > > > > > On 2/3/06, Craig Steinberger <craig.steinberger at gmail.com> wrote: > > > We could probably get away with self-signing here. > > > > > > > Why not just make http:// become https:// ? super easy and the > > site can automatically switch the user to https if they arrive on > > http. > > So, you *are* talking about end-to-end SSL :) I, personally, think it is > a bit of overkill, but if you really think we need it and it wouldn't hurt > performance let's have it. > > Another point - how many community sites similar to ours are using SSL ? >
I am not going to let the ordinary become a model to follow for we extrodinary fellows :-) Yes .. I *was* thinking end to end. But lets go with a minimal level of security on the password page. Dennis
