I would like to set up a login area for my clients at my web site that is on a shared hosting server.
I do not currently have a dedicated IP or SSL certificate.
Is there an alternative way to safely and securely handle logins and other sensitive information I may want to coll开发者_如何学Goect without the expense of a dedicated IP and SSL certificate?
From a practical standpoint, the answer is that you need to use SSL/TLS. It is the industry standard and is well-known and (implemented properly) provides good security. While it is theoretically possible to write your own encryption and security protocols, it will almost certainly have flaws and holes that can be easily exploited.
To the best of what I know, anything without TSL/SSL would imply "cleartext" communication between your client and your server application - that would mean anyone can monitor the traffic to get sensitive information or impersonate an attack.
Is there an alternative way to safely and securely handle logins and other sensitive information I may want to collect without the expense of a dedicated IP and SSL certificate?
No.
精彩评论