Http or HTTPS

hargi · 12 Jun 2009 at 10:33

Getting our server set up for outside access to moodle, our VLE.
Should it be set up for HTTP or HTTPS? no money transactions will take place on there, but there will be lots of student data on there.
If it is set up as HTTPS what else will i need to do? get a security certificate? hows this work and how much does it cost.

Cheers

daz · 12 Jun 2009 at 10:57

Is there any sensitive data at all in the system? What could someone do if they had a login?

SSL encrypts data from the end-user to the server - this is obviously what you want when transmitting data that is sensitive (Paypal logins, banking logins, credit card details... and if your website/email is very important to you, perhaps emails and FTP too).

An SSL certificate costs from about £10 a year, you then just need to install the certificate on to your web server, and put the site on a dedicated IP address.

Dj_Jestar · 12 Jun 2009 at 11:36

https for peace of mind. Personally, If I'm asked to provide *any* personal data, including just my name, I'd much rather it be https

waso_dude · 12 Jun 2009 at 12:11

Moodle....

Read any moodle documentation, it recommends a secure server, and I highly recommend it too.

Not Using HTTPS might even be againest some laws because of the data held in moodle.

hargi · 12 Jun 2009 at 12:18

Cheers, Thats what i wanted to hear.
I thought it would be HTTPS with the data on there.

daz · 12 Jun 2009 at 12:23

HTTPS doesn't make your server or installation any more secure. It doesn't encrypt the data already held in Moodle's database - it *only* encrypts the transfer of data from the user to the server, to stop the data being 'sniffed' by machines between you and the moodle server.

waso_dude · 13 Jun 2009 at 12:08

daz said:
HTTPS doesn't make your server or installation any more secure. It doesn't encrypt the data already held in Moodle's database - it *only* encrypts the transfer of data from the user to the server, to stop the data being 'sniffed' by machines between you and the moodle server.

Moodle is a schools virtual learning enviroment, student data is transmitted from this,

You need to have a HTTPS connection and also a server that is fully secured down.

Mr-White · 13 Jun 2009 at 12:19

you're more than likely obligated to secure students data to the best of your ability

MW

theheyes · 13 Jun 2009 at 13:15

Mr-White said:
you're more than likely obligated to secure students data to the best of your ability

MW

This.

HTTPS without doubt. It's a legal requirement to protect personal data. Also, you can cast serious questions about the integrity of the data if there is no secure login.

malef!c · 14 Jun 2009 at 08:59

Go to Namecheap, buy an info domain for $2.98 and you get a free SSL certificate.
Cheapest I could find