1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL / HTTPS Integration

Discussion in 'XenForo Suggestions' started by Ryan Clark, Aug 6, 2010.

  1. Ryan Clark

    Ryan Clark New Member

    It would be cool to have SSL Intergration, so if you have an SSL certificate on your website you can allow people to login using that, and view Administrative Areas as well as their User Control Panel through it too.
  2. Forsaken

    Forsaken Well-Known Member

    I'd like to see SSL integration for a few things, but I don't think it'll be added into the core.
  3. Alfa1

    Alfa1 Well-Known Member

    SSL is one of those things that is very hard to add as an addon, because having both SSL as non-SSL running takes 2 synchronized installations.
  4. Ryan Clark

    Ryan Clark New Member

    It could be possible to offer an SSL directory with the core, login, register and control panels on which they move to where their SSL certificate is located and then turn SSL on in the control panel.
  5. Caliburn

    Caliburn Well-Known Member

    Will XenForo support SSL I wonder? For *at least* user login's?
    AlexandrosD likes this.
  6. Vincent Gabriel

    Vincent Gabriel New Member

    What does it have to do with the forum software? Just set in up in the server to enable SSL on the login page.
  7. Caliburn

    Caliburn Well-Known Member

    Well you'll still require SSL support through the software similar to what IP.Board has going. I'm talking full SSL certificate support through the AdminCP, logins, posts, and what have you.
  8. Vincent Gabriel

    Vincent Gabriel New Member

    Don't think there is much needs to be handle just once SSL is on you can change the forum url to the secured one or specify which sections should be considered secure and viewed through a secured page.
  9. mlx

    mlx Well-Known Member

    So how does IPB do things?

    Are we talking about forcing people to login via SSL while they are browsing the forum via normal http?
  10. Vincent Gabriel

    Vincent Gabriel New Member

    Actually i am not sure about IPB, I personally did not see such setting in the ACP i must say. But yea the concept is that you'll force users to view certain pages IE: Login Page through a secured connection.
  11. Floris

    Floris Guest

  12. Shamil

    Shamil Well-Known Member

    Thanks to the mod who merged upon report.

    I think SSL could be useful in some situations, but if you're going to have SSL on $_POST etc, why not have SSL enabled on the whole site, and set https for the jQuery call in the template?
  13. Floris

    Floris Guest

    Thanks for merging :)
  14. gib

    gib Active Member

    I'm hoping site wide SSL is available simply by specifying it on the base forum URL.

    More and more folks are accessing via mobile devices these days, it makes sense to at least encrypt username/password details when logging in, but also useful to encrypt all site url's and associated web traffic.
  15. Digi Rock

    Digi Rock New Member

    i'm hoping also that there's an option to allow ssl on xenforo :)
  16. Jonathan Carl

    Jonathan Carl Active Member

    I searched for any similar threads but i could not find any in the suggestion area. Will there be a built in option for using HTTPS for logins? Or will we need to rely on a Add-on to be released?
    DRE, Carlos, ankurs and 1 other person like this.
  17. steven s

    steven s Well-Known Member

    Curious to why?
    Would you also be buying a security cert?
  18. Jonathan Carl

    Jonathan Carl Active Member

    I already have certs, and I have had a few hackers from my previous forums that were able to capture login credentials. So now I rather stick to https for all login processes. I have hired a small CentOS security team to secure my sever as best as possible from attacks.
  19. Blandt

    Blandt Well-Known Member

    You need to configure your server .. no addon required
  20. Jonathan Carl

    Jonathan Carl Active Member

    Well, i could write something for .htaccess to force it. I just wanted to see if it could be intergrated as well.

Share This Page