|Posted: Monday May 20th, 2013 at 11:35 pm #50247|
Hello my friends,
We use an SSL certificate that is verified, extended validation, 256-bit Secure Sockets Layer encryption for pages which use financial info (e.g. registration, upgrades and billing forms).
We have a user who is concerned about:
A. Logging into our site on public networks because we do not use SSL on the login page, and
B. About pages with user data also not using SSL.
They referenced the codex article:
Their concern about packet sniffing user data sent in the clear seems valid.
What are your recommendations about securing login, admin pages and user info pages?
- s2Member® Products