Thursday 2 May 2013

Running With SSL

An important part of any production site is protecting user logins and data. Many sites can be built without the need for SSL because they do not have users authenticating to them or updates are only done in staging environments. For sites that do allow users access to secure data such as a profile, credit card processing, or client statements we need to make sure we protect their data from being intercepted by a third party. Secondly, for login scenarios in production we also need to make sure user credentials are protected in transit from client to server.


When we are building a site using Orchard CMS things are a little different than a normal site, but much of it is the same. First off the two scenarios many developers face are whether or not to protect the entire site under SSL or just the login/secure pages. This is a decision everyone needs to make for themselves, but I usually fall on the side of running the entire site under SSL. Nowadays encryption/decryption is much faster than before and making sure there are no pages that might not be protected is much more important. Many companies now run their entire site under SSL for these very reasons. Moving forward I will discuss adding SSL to Orchard and supporting these two secnarios.

crawled from : Orchardproject

No comments:

Post a Comment