General discussion of OpenCATS

Moderators: RussH, cptr13

Forum rules
Just remember to play nicely once you walk through the door. You can disagree with us, or any other commenters in this forum, but keep comments directed to the topic at hand.
Post Reply
Posts: 1
Joined: 27 Jan 2018, 22:56
what is two(2) plus three(3) ?: 5


Post by jumpingbeans » 27 Jan 2018, 23:15

I have uploaded this ATS system to Godaddy online server. I realize SSH and SSL are to encrypt data for security purposes. My questions are:
1 - Are all the data on the candidate files, attachments, everything at risk of being hacked if i dont have it?
2 - is it just the login page that is at risk?
3- should i pay for ssl certificate?

User avatar
Site Admin
Posts: 824
Joined: 12 Apr 2008, 08:28
what is two(2) plus three(3) ?: 5
Location: UK

Re: SSH and SSL

Post by RussH » 01 Feb 2018, 17:04


SSL encrypts the browser to server communication. if this isn't encrypted, there's a risk that your traffic can be intercepted.


- if you have your lan running on a hub(unlikely!) and someone else on that hub runs wireshark on another port to capture the traffic.
- if you have your lan running on a switch and someone else port-mirrors your traffic to capture this.
- if someone on one of the intermediate routers from you to the server runs tcpdump to capture your traffic.
- if you are connecting through a 'dodgy' insecure public wifi portal it's easy to capture your traffic.

Pretty much most of these options rely on a malicious administrator capturing your traffic. It's not trivially done by anyone.

However - if you're accessing this from home or from your office lan then whilst it's not encrypted, it's a reasonably secure environment.

Finally - if you did want to purchase a SSL certificate you would have to absorb the technical overhead of installing and configuring that yourself.

Report your issues and feature requests;

Please CLICK THE TICK to accept the answer!

Post Reply