Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

General Discussion

Jenny Swift
Jenny Swift
21,999 Points

Is an SSL certificate necessary?

Hi, I have just added Disqus to my website and Firebug gives me the following message:

Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.

Thanks to a Treehouse member answering one of my other posts, I now know that this warning message has something to do with SSL. I looked briefly into what SSL is but I still don't know much about it.

Can anyone please help me with the following:

What's the worst that could happen? Is it simply that if someone posts a comment on my site, someone else could then see their username and password and login to the person's Disqus account, or Facebook account, or whatever account the user logged into Disqus with?

What are the chances of the danger actually happening?

I briefly looked into the price of an SSL certificate and saw it could be $1000/year vs $5/year. If I went with the cheaper one (http://www.ssls.com/comodo-ssl-certificates/positivessl.html?years=5) is there something not as good about it?

Are there any places to get an SSL certificate that you would recommend?

What exactly does an SSL certificate achieve?

1 Answer

Lauren Clark
Lauren Clark
33,155 Points

You really only need an SSL certificate if you're running an eCommerce site or are taking and storing sensitive data on your server, and want that data to have an additional layer of encryption, so if any third part is snooping - they will have a very low chance of seeing the sensitive information.

Websites like Banks, eCommerce, Government forms etc are the kind of calibre site that really need an SSL cert.

Passwords for comments don't really qualify in the real world, as you've seen, they're not cheap and some can be a pain to set up. The password field should be taken care of by Discuss - it may be a plugin or something else on Firefox flagging up that issue :)

Jenny Swift
Jenny Swift
21,999 Points

OK, thanks Lauren! :)