How secure is the login/registration form?

Jaxel

Jaxel

Well-known member
I have a user on one of my forums, asking about security through logins. His complaint is that our website is not HTTPS; so the login form is potentially insecure as data is submitted in the clear.

Now, putting the forum behind SSL is not an option. As we do a lot through Twitch/YouTube/etc, and not all those services support HTTPS. For instance, you can't reliably embed a Twitch stream on an HTTPS server, since they don't have methods to handle that and you get mixed-content errors.

Is there a way to make the login form more secure?
 
Sort by date Sort by votes
Not really.

XenForo sets the 'ssl only' flag if the cookie touches an ssl connection, after which point every sane browser will throw the cookie away if it touches http.

It doesn't actually win you very much to login via https and then have your session token transmitted in clear text.
 
  • Like
Reactions: HWS
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

DragonByte Tech
XF 2.0 Best practice for implementing the login & registration forms on a single page
Replies
5
Views
417
DragonByte Tech
DragonByte Tech
flowerpot132
How secure is your forum
Replies
6
Views
925
Mouth
Mouth
D
  • Question Question
How secure is XenForo?
Replies
5
Views
6K
ManagerJosh
ManagerJosh
|Jordan|
  • Question Question
How Secure Is Xenforo compared to VB4?
2
Replies
35
Views
3K
DRE
DRE
Back
Top Bottom