SSL Security (Advantages & Drawbacks)
What is SSL?
SSL or Secure Sockets Layer, is an encryption algorithm that encrypts communications between the end-user and the server. It helps to prevent hacking attacks that are based on eavesdropping. Anyone can easily tell if a site is protected by SSL if there is an “https://” in the address bar.
Does SSL provides Security?
The simple answer? No. BUT it can help.
SSL secures the network communication link only. Even though this is an important layer of security for sensitive applications, most attacks on websites are not done this way. Most of the attacks on websites are actually done via the web server or direct attacks on users (through malware or “phishing” scams).
SSL does protect 3rd parties from “listening” to communications between the user and the website.
When SHOULD you have SSL for your site?
We recommend having SSL for any e-commerce sites or any sites where you have or will be storing personal information of your clients/customers.Even though “eavesdropping” may be a less common type of cyber-attack on a website, there is no reason not to protect against it if the consequences for you or for your customer base could be serious.
What kind of “sensitive private data” needs protection?
Private data is a type of information that should only be accessible to you (the site owner / business owner) and that user. We recommend SSL for credit card numbers, personal login information (passwords), or anything else that you would deem as sensitive/private. Personal data can be easily found in other places, but if there is enough of it in one place, it could be used in identity theft and this is viewed as a plausible threat.
Advantages of having SSL on your site?
>It can assured your users that you do consider their security and privacy to be an important issue.
>It will verify that the website business owner is really who they claim to be.
>Google gives HTTPS as a noticeable in their search ranking algorithms.
What are the disadvantages of having SSL on your site?
1) If you have SSL Certificate in your web application, it’s slower because every byte of information needs to be encrypted and decrypted by both the user and the server, and this takes more effort than regular transmission.
2) SSL can create an administrative burden. The certificates is expenssive, require paperwork, and verification by a third party, and they need to be renewed, just like domain names. If you forget to renew your SSL certificate, your website will be red-flagged as an insecure site, which looks even worse to your users and the public than simply not having SSL at all.
3) SSL certificates requires private IP addresses, which may come at an extra cost if you do not already have your site hosted on a private server.
4) If you want run your entire site under SSL, you may draw concern from your users if you link to non-SSL content and they come across the security warnings when going from secure to non-secure content.