HTTPS required on WLAN?
I'm confused about HTTPS and its position in LAN applications. I have two computers and my program will send information between them. Both these computers are connected to the same wireless network so it's a simple implementation. However, should I be using HTTPS in this scenario? Or is HTTPS only used when information is being sent to a server outside the network? Whilst the information being sent and received is not necessarily confidential, it may contain data that could be considered private. If I should use HTTPS, do I have to buy a certificate? Thanks
Get a free certificate from http://www.startssl.com/?app=1, set a reminder to renew it in one year and consider it done.
Having said that, in your particular case you can get away without HTTPS if you WiFi is properly encrypted itself.
Both computers are on the same network (WLAN or LAN doesn't really matter) anyone else on the network could intercept/sniff your traffic. I would take cababunga's advice and get a cert. It does not need to be signed (ie you can make one free) but for a production app it might be worth it.
It's a trade off. Depending upon perimeter security is generally considered a really bad idea. If you are completely happy transmitting that data then you could do so. Of course wifi is notoriously bad for security. Could you deal with a rogue access point masquerading as your own, for instance?
For https, getting a valid certificate from a well-trusted CA, is the simplest, safest and probably cheapest route.