简单的社区网站是否需要 SSL 证书? [英] Do I need SSL Cert for simple community site?

问题描述

我正在部署一个小型社区网站.用户注册只需要用户名、电子邮件地址和密码.我什至不要求姓名，当然也不存储任何敏感数据.

I'm working on deploying a small community site. User registration requires nothing more than a username, email address, and password. I'm not even asking for a name, and certainly not storing any sensitive data.

我还应该投资 SSL 证书吗?在没有密码的情况下传输用户密码是否被认为是一种糟糕的做法?

Should I still invest in an SSL certificate? Would it be considered terrible practice to transmit a user's password without one?

这只是一个个人项目，所以如果可以的话，我想避免额外的费用，但我不禁觉得如果我没有正确保护一切，我会不负责任.

This is just a personal project, so I'd like to avoid the extra cost if I could, but I can't help but feel I'd be irresponsible if I didn't secure everything properly.

推荐答案

我建议您获取 SSL 证书，并在用户向您的网站提交密码时要求使用 https.尽管您的用户不会传输任何敏感信息，但这仍然有一个重要原因:许多人对他们访问的每个站点都使用相同的用户名和密码，如果有人在咖啡店中使用笔记本电脑通过开放式无线网络，您应该尽你所能保护他们及其身份的安全.

I'd recommend getting an SSL certificate and requiring https any time users submit a password to your website. Though your users won't be transmitting any sensitive information, there's still one big reason for this: many people use the same username and password for every site they visit, and if someone's using a laptop in a coffee shop on open wireless, you should do everything in your power to keep them and their identity safe.

如果成本是一个问题，一个好的折衷方案是 CACert.大多数浏览器(目前)默认情况下不信任他们的证书，但任何拥有可验证身份的人都可以免费从他们那里获得证书.

If cost is an issue, a good compromise is CACert. Their certificates aren't trusted by default in most browsers (yet), but anyone with a verifiable identity can get a certificate from them for free.

这篇关于简单的社区网站是否需要 SSL 证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！