I am very new to this but want to try to better understand.

Use case: passwords over http
When someone logs into a Drupal site, http://mysite.com, the password is sent over via plain text.
I have heard this before and just want to be sure. Please correct me if I am wrong.

Now i could use encrypt_password and encrypt to encrypt the password so that the password and username would be encrypted but still sent over plain text.

Use case: form information
If someone fills out a form on the Drupal website, the information is sent over in plain text.
I have heard this before and just want to be sure. Please correct me if I am wrong.

I could use encrypt_form and encrypt and the form information would be encrypted and still sent over plain text.

Please confirm.

Use case: SSL
Do I need encrypt if I am using SSL on my site exclusively?
Should I use encrypt if SSL is enabled but not required? So the site is in mixed mode?
Is it best to force pages that have information that should be protected to use SSL?

Is there an advantage of using encrypt with SSL?

Thanks so much for answering these questions...

-encrypt, security NOOB!

Comments

SocialNicheGuru created an issue. See original summary.

SocialNicheGuru’s picture

SocialNicheGuru CreditAttribution: SocialNicheGuru commented
Issue summary: View changes
rlhawk’s picture

rlhawk
Primary language English
Location Seattle, Washington, United States
CreditAttribution: rlhawk commented

Data is only sent unencrypted between the browser and the server if the HTTP protocol is used. If a site uses HTTPS (via SSL), the transmission is automatically encrypted by the browser and decrypted by the server. The Encrypt module would have no effect in either case; it would more likely be used for protecting data at rest.

rlhawk’s picture

rlhawk
Primary language English
Location Seattle, Washington, United States
CreditAttribution: rlhawk commented
Status: Active » Closed (fixed)