1

I would like to set up a login area for my clients at my web site that is on a shared hosting server.

I do not currently have a dedicated IP or SSL certificate.

Is there an alternative way to safely and securely handle logins and other sensitive information I may want to collect without the expense of a dedicated IP and SSL certificate?

marky
  • 4,878
  • 17
  • 59
  • 103

3 Answers3

2

From a practical standpoint, the answer is that you need to use SSL/TLS. It is the industry standard and is well-known and (implemented properly) provides good security. While it is theoretically possible to write your own encryption and security protocols, it will almost certainly have flaws and holes that can be easily exploited.

Mark Wilkins
  • 40,729
  • 5
  • 57
  • 110
  • Thanks guys. That's pretty much the response I thought I'd get, but I thought it'd be worth asking. Looks like I'll have to go the SSL/Dedicated IP route after all. – marky Aug 31 '11 at 15:07
1

To the best of what I know, anything without TSL/SSL would imply "cleartext" communication between your client and your server application - that would mean anyone can monitor the traffic to get sensitive information or impersonate an attack.

Arun
  • 2,493
  • 15
  • 12
1

Is there an alternative way to safely and securely handle logins and other sensitive information I may want to collect without the expense of a dedicated IP and SSL certificate?

No.

MattH
  • 37,273
  • 11
  • 82
  • 84