Securing a Web App without SSL

software development


I have what I think might be a strange request.

I want to build a rails app to run a website. The public side of things is trivial but I want to build a secure admin UI. Unless you’re using SSL or something similar, HTTP Basic Authentication or form based authentication simply isn’t remotely secure. I don’t want to purchase an SSL certificate if I don’t have to so I’m looking for other options.

For example, is there some way that I could secure the admin portion of the site using SSH tunnelling or something?