If I have a website that is available only internally over a company network (and of course over an SSL-VPN as that enables accessing network resources), is HTTPS (SSL) needed? Is it redundant/useless/pontless?
Is it that with the above only internal "ears" can listen to the conversation anyways, so SSL isn't needed and simply slows the app down? Or is it still needed for security when used from VPN? [ November 07, 2005: Message edited by: Dan Bizman ]
i wouldnt call myself an expert, but if i was you i would ask myself a few questions: how sensitive is the information on the site? could anyone or the company get hurt financially?
from what i know ssl is mainly to protect people from getting thier credit card info stolen. i tried to set up apache for ssl once just for the learning and i gave up because it was rather complicated. [ November 11, 2005: Message edited by: Randall Twede ]