Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Jul 2004
    Location
    mile high city
    Posts
    482
    Thanks
    0
    Thanked 0 Times in 0 Posts

    advice on shared SSL

    While developing for a health care company I've come upon some questions regarding SSL. This is an area I've been unfamiliar with until just recently and I think I understand the basics, but would appreciate a friendly shove in the right direction.

    The client's hosting plan includes shared SSL. Some forms on the site will be used to submit patient information which is of course highly sensitive. Are there potential security issues using shared SSL?

    What would be the advantages of purchasing a certificate? And is it necessary for the site to reside on its own server if doing so?

    Any experiences with particular Certification Authorities would also be great.

    I've found lots of info, but most of it seems to come from folks who are selling their own product, so I'm looking for some objective info or first hand experiences.

    Thanks.
    Computer, kill Flanders... Did I hear my name? My ears are burning...
    Good start. Now finish the job.

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,073
    Thanks
    11
    Thanked 98 Times in 96 Posts
    shared SSL is as secure as your own cert , at least at the sharp end of encryption etc , the main downside is that the URL shown in the browser will not be the same as the users domain , probably something like https: // secure.vendor.com/~username which is a bit offputting to paranoid users

    popups can hide this but the standards-compliance police will give you stick for such.

    A quick explanation to users should be enough for those who even notice the change of URL!

    I could not recommend any one CA over another as I don't fully understand why the prices vary so wildly
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #3
    Regular Coder
    Join Date
    Jul 2004
    Location
    mile high city
    Posts
    482
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the reply Firepages.

    I'm going to relate what I've learned to my client and let them choose between using their host's shared SSL or purchasing a cert.

    Cheers.
    Computer, kill Flanders... Did I hear my name? My ears are burning...
    Good start. Now finish the job.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •