Hi, I will not be collecting Credit Card details on my site so have no need for SSL but is the Login Page secure in this senario?
I quote the following from the security.pdf
"Logged on Customers
The account and password details for logged on customers are also protected.
Passwords aren't stored on the web site, nor are they ever sent across the Internet.
Actinic derives a signature using an MD5 (signature) of the password, so it is
designed to be completely secure. Only this signature (from which you cannot
derive the original password) is stored on the web site and sent from the buyer to the
web site. The logon process also takes advantage of SSL to provide additional
protection whenever an SSL certificate is enabled at the web site."
This leads me to believe it's ok to collect user names and passes without SSL but with SSL is better.
Thanks
pnp
I quote the following from the security.pdf
"Logged on Customers
The account and password details for logged on customers are also protected.
Passwords aren't stored on the web site, nor are they ever sent across the Internet.
Actinic derives a signature using an MD5 (signature) of the password, so it is
designed to be completely secure. Only this signature (from which you cannot
derive the original password) is stored on the web site and sent from the buyer to the
web site. The logon process also takes advantage of SSL to provide additional
protection whenever an SSL certificate is enabled at the web site."
This leads me to believe it's ok to collect user names and passes without SSL but with SSL is better.
Thanks
pnp
Comment