Meeting started at:
- 1 Security of our web site for end users
- At the moment, all information (including passwords) are sent in the clear and can easily be eavesdropped.
- This is critical because we deal with information (absence, arrival time etc) that could be used for crimes and additionally, people -- while travelling -- will often use different computers to check their messages in BW.
- In case of a crime happening related to our web site, the court will check if we implement state-of-the-art security measures. Encryption is often regarded as standard technology. This means users expect our site to keep sensitive data secure because they are used to it from other web sites (Amazon.com etc)
- I (MarcoP) propose using encryption with an official SSL certificate for bewelcome.org. Cost is 69 USD per year http://www.rapidssl.com/index_ssl.htm . Effort for implementing is estimated as low: Administrative procedure for buying the certificate and server install procedure
- Another solution is to implement client side-encryption using scripting (but this will break in some cases)
Meeting ended at: