My service provider has a postgres database, And i want to redo my website with php and allow my clients to login with sessions and go to their page ( i am a graphic designer/ web developer, clients can log in to download stuff like their business cards , logo's, ect ). The service provider is telling me that if I am allowing my clints to login (login and pass in table in database) that their is a huge security breach, and he can be hacked. He says the only way to do it is with ssl and that I have to buy some sort of ticket/pass/something to get it.
I am of the opinion that
a. he doesn't know what he's talking about
b. he's paranoid and doesn't know enough about what he has to feel confident. ( he's fairly new at this as well 2-3 years )
And that I should probally go with another service provider who won't give me these hassles. But I'm new at this, I know that at school when learning this, we didn't have to go through this. and were told that you only need ssl if you are using credit cards or other sercure information. I just want some feedback from everyone please.