Some confirmation, please


#1

I successfully installed SSL Full Script on one domain name on my GoDaddy server. It worked perfectly right out of the box. Just one question: I have plain text files on my server that are downloaded by a software program I wrote. Are those plain text files hackable under SSL/TSL and if not, are they safe down the wire to my app? I could encrypt each file, but that seems redundant if SSL is protecting them.
TIA,
John


#2

SSL only encrypt the data sent over the wire (and you need to be on Full for that, not Flexible, but you seem to already have configured that).

If your concern is only the transfer SSL should be sufficient, otherwise if your concern also applies to storage you’d also need to encrypt them on your server.

Just to be avoid any confusion, files will be (temporarily) decrypted on Cloudflare’s servers, so there is no real end-to-end encryption. If you absolutely want to rule out any possible attack vector you would need to encrypt it before sending it to the client and only decrypt it there.