Account security - HTTPS?
- Thread starter logoutx
- Start date
viewfinder
Member
I will second that. Ideally, the ability to enable HTTPS for sensitive areas _only_ would be very helpful with the load on the server. e.g. for login and any account related areas, or as specified via configured settings.
BTW, on my trial setup, I noticed that when accessing the forum via HTTPS, you lose your logged in session/identity when switching over to HTTP. I am assuming this is related to the secure cookies?
BTW, on my trial setup, I noticed that when accessing the forum via HTTPS, you lose your logged in session/identity when switching over to HTTP. I am assuming this is related to the secure cookies?
gib
Well-known member
It would be useful to have an option to secure just the user logon process.
XenForo is running sweet on my SSL test site, but having only the login secured via HTTPS would be a welcome option to those just wanting to encrypt logon credentials.
HTTPS config worked first time on my XenForo test site, nice work chaps
I've only came across one problem using SSL on XenForo, but that is to do with Internet Explorer, nothing to do with XenForo.
I had to enable the "display mixed content" option in the security settings in IE9 beta to allow embedded videos to show.
The problem arises as YouTube videos use HTTP, so I had to enable the mixed content option for the videos to be displayed (see screenshots for how to enable mixed content)
Firefox, Chrome and Safari don't grumble about mixed content, seems to be only an Internet Explorer thing.
I had similar problems on VB4, with use of Skype status, etc, as most of these use HTTP and lead to mixed content problems in Internet Explorer.
Also encountered problems with HTTPS using iPhone/iPad ForumRunner and Tapatalk apps.
XenForo looks GREAT on iPad and is quite viewable on iPhone, so I don't see me encountering as much of a problem with HTTPS and XenForo
XenForo is running sweet on my SSL test site, but having only the login secured via HTTPS would be a welcome option to those just wanting to encrypt logon credentials.
HTTPS config worked first time on my XenForo test site, nice work chaps
I've only came across one problem using SSL on XenForo, but that is to do with Internet Explorer, nothing to do with XenForo.
I had to enable the "display mixed content" option in the security settings in IE9 beta to allow embedded videos to show.
The problem arises as YouTube videos use HTTP, so I had to enable the mixed content option for the videos to be displayed (see screenshots for how to enable mixed content)
Firefox, Chrome and Safari don't grumble about mixed content, seems to be only an Internet Explorer thing.
I had similar problems on VB4, with use of Skype status, etc, as most of these use HTTP and lead to mixed content problems in Internet Explorer.
Also encountered problems with HTTPS using iPhone/iPad ForumRunner and Tapatalk apps.
XenForo looks GREAT on iPad and is quite viewable on iPhone, so I don't see me encountering as much of a problem with HTTPS and XenForo
Attachments
gib
Well-known member
If you use shared hosting , might be worth checking if they provide a generic web certificate, based on the shared host name (not the web site name, which costs extra)
It's not very elegant looking, but if your hosting provider offers them, they are useful for securing customer logins and are free with my shared hosting provider.
