1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Account security - HTTPS?

Discussion in 'XenForo Questions and Support' started by logoutx, Oct 6, 2010.

  1. logoutx

    logoutx New Member

    I notice that there is no use of HTTPS when signing up for an account or when viewing one's account details on this website. Is this going to be fixed so it is more secure?
    gib likes this.
  2. viewfinder

    viewfinder Member

    I will second that. Ideally, the ability to enable HTTPS for sensitive areas _only_ would be very helpful with the load on the server. e.g. for login and any account related areas, or as specified via configured settings.

    BTW, on my trial setup, I noticed that when accessing the forum via HTTPS, you lose your logged in session/identity when switching over to HTTP. I am assuming this is related to the secure cookies?
    gib likes this.
  3. MentaL

    MentaL Active Member

    i would like a fully intergrated https login option, would offer users additional security, sucks on the additional expensive for a certificate though.
  4. Simon

    Simon Active Member

    I'll agree on this one. Would like to see https for sensitive areas. :)
  5. gib

    gib Active Member

    It would be useful to have an option to secure just the user logon process.
    XenForo is running sweet on my SSL test site, but having only the login secured via HTTPS would be a welcome option to those just wanting to encrypt logon credentials.

    HTTPS config worked first time on my XenForo test site, nice work chaps :)

    I've only came across one problem using SSL on XenForo, but that is to do with Internet Explorer, nothing to do with XenForo.
    I had to enable the "display mixed content" option in the security settings in IE9 beta to allow embedded videos to show.
    The problem arises as YouTube videos use HTTP, so I had to enable the mixed content option for the videos to be displayed (see screenshots for how to enable mixed content)
    Firefox, Chrome and Safari don't grumble about mixed content, seems to be only an Internet Explorer thing.

    I had similar problems on VB4, with use of Skype status, etc, as most of these use HTTP and lead to mixed content problems in Internet Explorer.
    Also encountered problems with HTTPS using iPhone/iPad ForumRunner and Tapatalk apps.
    XenForo looks GREAT on iPad and is quite viewable on iPhone, so I don't see me encountering as much of a problem with HTTPS and XenForo :)

    Attached Files:

  6. gib

    gib Active Member

    If you use shared hosting , might be worth checking if they provide a generic web certificate, based on the shared host name (not the web site name, which costs extra)
    It's not very elegant looking, but if your hosting provider offers them, they are useful for securing customer logins and are free with my shared hosting provider.
  7. bambua

    bambua Well-Known Member

    Certificate cost has come down a lot. I see it for under $100.00 a lot now compared to the thousands it used to be, I'm not going to complain.

Share This Page