[jumpingbeans]

I have uploaded this ATS system to Godaddy online server. I realize SSH and SSL are to encrypt data for security purposes. My questions are:
1 - Are all the data on the candidate files, attachments, everything at risk of being hacked if i dont have it?
2 - is it just the login page that is at risk?
3- should i pay for ssl certificate?

[RussH]

Hi.

SSL encrypts the browser to server communication. if this isn't encrypted, there's a risk that your traffic can be intercepted.

Typically;

- if you have your lan running on a hub(unlikely!) and someone else on that hub runs wireshark on another port to capture the traffic.
- if you have your lan running on a switch and someone else port-mirrors your traffic to capture this.
- if someone on one of the intermediate routers from you to the server runs tcpdump to capture your traffic.
- if you are connecting through a 'dodgy' insecure public wifi portal it's easy to capture your traffic.

Pretty much most of these options rely on a malicious administrator capturing your traffic. It's not trivially done by anyone.

However - if you're accessing this from home or from your office lan then whilst it's not encrypted, it's a reasonably secure environment.

Finally - if you did want to purchase a SSL certificate you would have to absorb the technical overhead of installing and configuring that yourself.