Community Support Forums? Do you think they should have SSL security available to them? What are the benefits? What are the drawbacks?

Community Support Forums? Do you think they should have SSL security available to them? What are the benefits? What are the drawbacks?

Why do you need to secure them? All the information they write will be available anyway...?
The only reason i could think of doing this would be to make sure that their password is not intercepted. In which case you only need to secure the login page I would imagine, since the cookie should be encrypted.

SSL will normally make the site load a little slower, and it costs money...

SSL don't need to cost money, only if it needs to be signed. Even if it needs to be signed a webhost should allready posses a signed SSL certificate.

I would prefer the login to be secure, your customers could very well be using the same password to the forum as to their webmanagement account.

SSL don't need to cost money, only if it needs to be signed. Even if it needs to be signed a webhost should allready posses a signed SSL certificate.

I would prefer the login to be secure, your customers could very well be using the same password to the forum as to their webmanagement account.

Well, i'd definatly get it signed. It looks really bad if you start getting certificate errors popping up. Personally, i don't feel it is neccessary. Very few forums have SSL.
I would recommend it for your clients area with credit card information etc, but not for the customer forums,.

If you don't get a cert signed by a CA then there's no point having one at all, it does not add to the security.

If you don't get a cert signed by a CA then there's no point having one at all, it does not add to the security.

I agree using a unsigned cert is unprofessional but a selfsigned cert still provides some security. You are more voulnerable to a man in the middle attack but the traffic will still be encrypted.

Lets keep it at signed certificated by a professionally known company such as Verisign. Would you place your forums in a secured medium or not?

We have our personal forum protected by SSL while the one available for public does not have SSL

Securing forums, why would that be required? The only thing I would secure is the order system.
And Andy, it only costs like $15 :S

Securing forums, why would that be required? The only thing I would secure is the order system.
And Andy, it only costs like $15 :S

Where have you found $15? The cheapest i've ever found is $30- and you've got to be a reseller to get that price.
And $30 could be spent elsewhere. You don't get anywhere in business by throwing money away.
That could get you another 10 customers if spent wisely.

My mistake. Proberly is $30. I Can't remember.

Where have you found $15? Check out RapidSSL Certificates (http://www.ev1servers.net/hosting/ssl/starterssl_details.asp)

Where have you found $15? The cheapest i've ever found is $30- and you've got to be a reseller to get that price.
And $30 could be spent elsewhere. You don't get anywhere in business by throwing money away.
That could get you another 10 customers if spent wisely.


EV1Servers offered them for 14.95$ a few months back. I think they have raised the price since then.

Regarding the forum. If your forum is intergrated with your billing software (like MB with VB forum), then I would strongly suggest a SSL certificate. If not, its up to you.

I agree using a unsigned cert is unprofessional but a selfsigned cert still provides some security. You are more voulnerable to a man in the middle attack but the traffic will still be encrypted.

Reconsidering from this viewpoint.

I would actually suggest that the forum at least have a self-signed SSL certificate. Remember, you don't want admins logins to be intercepted. However, I don't suggest forcing SSL logins for your customers, as they might be confused when the SSL errors start showing up.

Also, the statement regarding "man in the middle" is not completetly true. If you install the certificate on to your system, you would be able to detect when you are connecting to a different system. Remember how SSH looks at the host's key, and adds it to the cache, then warns you when it changes? The same concept applies here.

I would suggest getting a certificate for a secure subdomain. For instance, you could get secure.yourdomain.com, and have customers redirected from http://forum.yourdomain.com -> https://secure.yourdomain.com/forum/. Saves you time and money.

Also, don't forget, you can use .htaccess files to force SSL access, or if you have root access, editing the apache config file will also work

Securing a forum seems OTT, all the value will be in the information on the screen anwyay wont it?

Where have you found $15? The cheapest i've ever found is $30- and you've got to be a reseller to get that price.
And $30 could be spent elsewhere. You don't get anywhere in business by throwing money away.
That could get you another 10 customers if spent wisely.
Just for anyones information, you can get a single year, single RAPIDSSL cert for $14.95 from www.servertastic.com

Another issue i've thought of.
If you have a subdomain, i think that google will treat it as a seperate domain.
It certainly does for the free hosting sites that use subdomains.

A forum is probabally going to be the biggest source of content on your site, which should get you very good rankings- but if its on another domain, i don't think google will associate it with your main site.
Is this right? Or will google know that its your forum?

Sensitive information shouldn't be posted on a public/ customers-only forum. So, I don't see any reason to use secure connection.

Sensitive information shouldn't be posted on a public/ customers-only forum. So, I don't see any reason to use secure connection.

There is the valid point about the forum password- which may be with the account password- but i'm still with you.
You don't need an ssl for a forum.

There is the valid point about the forum password- which may be with the account password- but i'm still with you.
You don't need an ssl for a forum.

Even just a self-signed certificate for administrator's login?

Community Support Forums? Do you think they should have SSL security available to them?
Absolutely!

I also think it should take three or four different keys to get into a car, we should have encryption on our TV remotes, and optical scanners on our sandwich bags.

Just to be on the safe side.