Are there any security issues regarding authentication with HTTP on the front end of an AP? My concern is traffic sniffing of the HTTP transaction when a user submits their username and password to an AP. The built-in HTTP server is not SSL-enabled.

Would I be able to redirect the AP's main page to a secure SSL page that exists on another server for an account creation transaction?

Our hotspot login sends the passwords in a non-reversible hash format to provide security for non-ssl connections. There are no plain-text passwords sent to our hotspot system from the clients.

Thanks!