Poor Phorm and SSL
I don't know how this story is going to end. It's possible that consumer pressure and/or the Information Commissioner may stop it. We shall see. But for me it's been a wake up call to review our web sites and consider switching some of them to use SSL so that the connection is encrypted.
There's a variety of reasons for doing this. Some of our web sites require you to log in, actually most of them do for the content management, but the actual site content is all on public view. There are exceptions though:
- Our own extranet lets Beth and I read our email from any web browser on the Net. So the email is passing over an unencrypted HTTP connection. Definitely one to switch to SSL and I've done that using a self signed certificate2 - so Opera and Firefox whine a bit, but not much. Internet Explorer whines a lot more, but we don't really care about that.
- Another customer has a members' area where confidential medical information is shown. That again needs to switch to SSL and I've already done that using a certificate from NameCheap which costs only about £7 a year - a bargain compared to the price a couple of years ago where you were paying over £100.
- One of our customers has an extranet too built on the same technology. I've recommended they switch to SSL and I'll buy them a proper certificate from NameCheap if they do so.
- Our public wiki has information on it that's confidential. I can't decide what to do with that. A self signed certificate will upset IE users so that's out. I've put a CAcert certificate on there for now as it's free, but it only works if you can persuade the visitor to import the CAcert root certificate otherwise IE still complains. My problem is that buying yet another certificate is costing the company money and we're already running the colo server at a loss as all the web sites on it and the list server are pro bono, part funded by Amazon Associates and Google Ads money (although these produce pitifully small amounts of income).
Well that was a pretty boring posting unless you're a web geek. My apologies.
Tomorrow I have a day off blogging, in theory. We shall see.
- try not to get to offended by his use of apostrophes - I am trying to talk him round
- Done after reading this excellent page which has taught be all I needed to know about setting up SSL, both on our Ubuntu and our Gentoo servers.
|Tags: VirginMedia, web design||Written 28/02/08|