When web applications are being accessed across the internet, there is always the possibility of usernames and passwords being intercepted by intermediaries (eg. between your computer and the server). It is often a good idea to enable access via HTTPS (HTTP over SSL), and require its use for pages where passwords are sent. Celoxis is bundled with a self-signed certificate and is accessible with SSL using: https://<server-name>:8843/psa/user.do