Copy link to clipboard
Copied
This is exactly what you said:
'It's not the XYZ data the bad guys want. They want to know where it came from. Forms on an unencrypted site provide the weakness they're looking for. And you've provided them with an easy entry point for further exploitation and proliferation of malware..'
Reads to me as though you seem to think that SSL certificates will prevent malware being installed, unless Im reading it wrong.
Personally I dont think either of us are qualified to be giving out advice regarding what and what SSL certificates do prevent and what they dont prevent. Its quite scary IF you care to read and do some research how vulnerable a website can still be, even with a SSL certificate in place.
Copy link to clipboard
Copied
No, you're reading it wrong. Exploitation can include many things. The most common is data injection which links out to malicious sites. Of course SSL alone doesn't make a site fully secure. But it adds another layer of insulation between your site and the cyber bad guys who will proliferate malware and other nasties if given half-a-chance.
SSL encryption is NOT a bad thing. I can't understand why you resist it so much. From where I sit, SSL certs for all sites are a win/win for everyone except the cyber bad guys.
Copy link to clipboard
Copied
No, you're reading it wrong. Exploitation can include many things. The most common is data injection which links out to malicious sites. Of course SSL alone doesn't make a site fully secure. But it adds another layer of insulation between your site and the cyber bad guys who will proliferate malware and other nasties if given half-a-chance.
By @Nancy OShea
OK thanks for clarifying. I think its more complex and pretty frightening if you read too much. There's also a lot of varying opinions, some financially motivated and others just technical writers with not much to gain, so it doesnt make it so easy to get the true story.
SSL encryption is NOT a bad thing. I can't understand why you resist it so much. From where I sit, SSL certs for all sites are a win/win for everyone except the cyber bad guys.
By @Nancy OShea
I never said it was bad, even advised in one of my posts in the other thread, any one producing a new website should include an SSL certificate, regardless of if you have any user interaction or not. Personally I just cant see it being of much use for a website without any user interaction at all or those with simple forms, but that's just my view. However I would deploy one on any new build, even if it had no user interaction, purely for the 'cosmetic' angle, rather than the security angle, because there's nothing much to secure.
Had the clients of the few websites I still have control of, which arent secured, as they were built way before an SSL was needed, been more pro-active and cared about their own website, I would show a similar concern too, of course. I mean heck it only takes a few minutes to enable Lets Encrypt, change any http:// links to https:// but I cant be asked to revisit websites built 4/6 years ago which have never been updated, there's no incentive for me and none, to my knowledge, have been disadvantages so far, and 2 even rank high in Google listings! Again most information will inform you your website will suffer a drop in ranking without a SSL certificate, well obviously not in my case so how spurious is that.
I'm not reading anymore as I think if you're still building websites, fortuantely I'm taking a break and may never return to building them, it would probably put you off from doing so, knowing potentially what can happen. SSL certificate are just the tip of the ice berg and even those are not 100% secure, let alone other sources of security which you should deploy.
We all have different opinions, surprise surprise. Its up to each individual to do what they think is correct.
But hey thanks for keeping up with me and conducting your replies in an adult manner! I'm winding this up now as I think Ive said all I want to say on the matter.