Michael Doran Home Page
This page is deprecated: please read archives disclaimer.

Adding SSL to Apache for WebVoyage, a VUGM 2001 Technical Session

Are we secure now?

securing patron data

  HTTP

Once SSL is installed, configured correctly, and applied to web pages, you can be reasonably confident that those pages will be transmitted securely across the internet in an encrypted state.

That's a good thing and worth doing. However, it is important to take a holistic view of security and understand how SSL fits into the larger picture. Even given the rather narrow goal of securing patron data, SSL is only one, rather minor piece.

  Additional vulnerabilities

Patron SIF files

Do you regularly load patron information into Voyager? Is the patron SIF file FTP'd to your server? Is it transmitted as plaintext? If so, it is vulnerable to network eavesdropping during transmission.

Is the patron SIF file stored on your server as plaintext? If so, it is vulnerable to misappropriation by anybody with access to your server, either legitimately or by hacking in.

SSL secures the personal information of a single individual. How does that compare in importance to securing a file that includes the personal information of every one of your patrons?
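As an added illustration (not part of the original session notes), here is a small Python audit that answers the two questions above for a file already sitting on the server: who besides the owner can read it, and does it still look like plaintext? The file names, the sample SIF-style record and the "encrypted" stand-in are all constructed; the plaintext test is a simple printable-character heuristic, not an inspection of the SIF format itself.

```python
"""Audit how exposed a patron SIF file is on the server it was loaded from.
Added example, not code from the original session. Reports which classes of
account can read the file and whether its contents look like plaintext.
"""
import os
import stat
import tempfile
from typing import Dict, List

# Bytes we treat as "printable text": ASCII 0x20-0x7E plus tab, LF, CR.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def looks_like_plaintext(data: bytes, threshold: float = 0.95) -> bool:
    """Heuristic: a SIF file is fixed-width ASCII text, so a stored copy that
    is almost entirely printable characters has not been encrypted."""
    if not data:
        return False
    printable = sum(1 for b in data if b in PRINTABLE)
    return printable / len(data) >= threshold


def audit_file(path: str) -> Dict[str, object]:
    """Return who besides the owner can read the file and whether it is plaintext."""
    perm = stat.S_IMODE(os.stat(path).st_mode)
    readers: List[str] = []
    if perm & stat.S_IRGRP:
        readers.append("group")
    if perm & stat.S_IROTH:
        readers.append("other")
    with open(path, "rb") as fh:
        head = fh.read(512)          # a sample of the content is enough
    plaintext = looks_like_plaintext(head)
    return {
        "path": path,
        "mode": oct(perm),
        "readable_by": readers,
        "plaintext": plaintext,
        # Exposed = somebody other than the owner can read it AND it is not encrypted.
        "exposed": bool(readers) and plaintext,
    }


def demo() -> List[Dict[str, object]]:
    """Create two constructed files, a world-readable plaintext SIF-style file and
    an owner-only file of non-text bytes standing in for ciphertext, and audit both."""
    # Constructed fixed-width record; no real patron data.
    sample_record = b"0000123456DOE            JANE       1999-01-01 ACTIVE   \n"
    with tempfile.TemporaryDirectory() as tmp:
        open_path = os.path.join(tmp, "patron.sif")
        with open(open_path, "wb") as fh:
            fh.write(sample_record * 4)
        os.chmod(open_path, 0o644)   # group- and world-readable: the risky case

        locked_path = os.path.join(tmp, "patron.sif.enc")
        with open(locked_path, "wb") as fh:
            fh.write(bytes(range(256)))  # stand-in for encrypted content
        os.chmod(locked_path, 0o600)  # owner-only

        return [audit_file(open_path), audit_file(locked_path)]


if __name__ == "__main__":
    for result in demo():
        flag = "EXPOSED" if result["exposed"] else "ok"
        print(f"{flag:8} {result['mode']} readable_by={result['readable_by']} "
              f"plaintext={result['plaintext']} {result['path']}")
```

On a real Voyager server you would call audit_file() on the path where your load process leaves the SIF file; a result with "exposed" true means anyone with a shell account on that machine can copy every patron record.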

Remote Oracle connections

The Oracle ODBC driver is a convenient tool that lets library staff extract report data from Voyager using Microsoft Access. What's keeping somebody outside your library, with those same tools, from connecting to your database?

This vulnerability requires that an outsider know a minimal amount of site-specific information. Still, it raises concerns you should be aware of, and take precautions against. A "read only" username and password prevents unauthorized modification of the database, but what if somebody just wants to download all your patron data?
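One precaution is simply to look at who is actually connecting. The following Python script, added here as an example and not part of the original session, scans Oracle Net listener log lines and flags "establish" connections whose client address falls outside the library's own networks, along with the client program and whether the login succeeded. The log lines are constructed and only approximate the " * "-separated layout of a listener.log; the address ranges, SID name, hosts and user names are assumptions.

```python
"""Flag Oracle Net listener connections that originate outside the library's
own address ranges. Added example; the log lines are constructed and only
approximate the layout of a real listener.log.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Address ranges that staff machines legitimately use (assumed values).
LIBRARY_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.168.50.0/24"),
]

# Constructed sample lines: timestamp, CONNECT_DATA, ADDRESS, action, service,
# return code (0 = success, otherwise an ORA- error number). All values invented.
SAMPLE_LOG = """\
29-MAY-2001 09:14:02 * (CONNECT_DATA=(SID=VGER)(CID=(PROGRAM=reports.exe)(HOST=CIRC-PC3)(USER=jsmith))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.20.4.17)(PORT=1311)) * establish * VGER * 0
29-MAY-2001 09:15:40 * (CONNECT_DATA=(SID=VGER)(CID=(PROGRAM=MSACCESS.EXE)(HOST=LAPTOP)(USER=guest))) * (ADDRESS=(PROTOCOL=tcp)(HOST=203.0.113.77)(PORT=1044)) * establish * VGER * 0
29-MAY-2001 09:16:05 * (CONNECT_DATA=(SID=VGER)(CID=(PROGRAM=MSACCESS.EXE)(HOST=REF-PC1)(USER=mlee))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.50.9)(PORT=1320)) * establish * VGER * 0
29-MAY-2001 09:17:11 * (CONNECT_DATA=(SID=VGER)(CID=(PROGRAM=sqlplus)(HOST=unknown)(USER=x))) * (ADDRESS=(PROTOCOL=tcp)(HOST=198.51.100.5)(PORT=1101)) * establish * VGER * 1017
"""

# The ADDRESS descriptor carries the client's network address; CONNECT_DATA
# carries the client program and OS user the client itself reported.
ADDR_RE = re.compile(r"\(ADDRESS=.*?\(HOST=([^)]+)\)")
PROG_RE = re.compile(r"\(PROGRAM=([^)]*)\)")
USER_RE = re.compile(r"\(USER=([^)]*)\)")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one listener log line into its fields; None if it is not a connection record."""
    fields = [f.strip() for f in line.split(" * ")]
    if len(fields) < 6:
        return None
    addr = ADDR_RE.search(fields[2])
    if not addr:
        return None
    prog = PROG_RE.search(fields[1])
    user = USER_RE.search(fields[1])
    return {
        "time": fields[0],
        "program": prog.group(1) if prog else "",
        "user": user.group(1) if user else "",
        "client_ip": addr.group(1),
        "action": fields[3],
        "status": fields[5],
    }


def is_library_address(ip_text: str) -> bool:
    """True if the address lies inside one of LIBRARY_NETWORKS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # a hostname rather than an address: treat as unknown
    return any(ip in net for net in LIBRARY_NETWORKS)


def find_outside_connections(log_text: str) -> List[Dict[str, str]]:
    """Return connection attempts from outside the library, with their outcome."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "establish":
            continue
        if not is_library_address(rec["client_ip"]):
            rec["outcome"] = "succeeded" if rec["status"] == "0" else f"failed (ORA-{rec['status']})"
            findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in find_outside_connections(SAMPLE_LOG):
        print(f"{f['time']}  {f['client_ip']:15}  {f['program']:14}  {f['user']:8}  {f['outcome']}")
```

A successful MSACCESS.EXE connection from an address you do not recognise is exactly the case the paragraph above describes: a "read only" account stops nobody from pulling the whole patron table across the network, so the listener log, not the database privileges, is where that activity shows up.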

  Staff awareness

As library staff, our easy and routine access to patron records often dulls us to the fact that it is personal information, and that we therefore have a security obligation beyond the one required for other data in Voyager.