• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

SSL / HTTPS Integration

Alfa1

Well-known member
#3
SSL is one of those things that is very hard to add as an addon, because having both SSL as non-SSL running takes 2 synchronized installations.
 
#4
It could be possible to offer an SSL directory with the core, login, register and control panels on which they move to where their SSL certificate is located and then turn SSL on in the control panel.
 

Caliburn

Well-known member
#7
Well you'll still require SSL support through the software similar to what IP.Board has going. I'm talking full SSL certificate support through the AdminCP, logins, posts, and what have you.
 
#8
Don't think there is much needs to be handle just once SSL is on you can change the forum url to the secured one or specify which sections should be considered secure and viewed through a secured page.
 

mlx

Well-known member
#9
So how does IPB do things?

Are we talking about forcing people to login via SSL while they are browsing the forum via normal http?
 
#10
Actually i am not sure about IPB, I personally did not see such setting in the ACP i must say. But yea the concept is that you'll force users to view certain pages IE: Login Page through a secured connection.
 

Shamil

Well-known member
#12
Thanks to the mod who merged upon report.

I think SSL could be useful in some situations, but if you're going to have SSL on $_POST etc, why not have SSL enabled on the whole site, and set https for the jQuery call in the template?
 

gib

Active member
#14
I'm hoping site wide SSL is available simply by specifying it on the base forum URL.

More and more folks are accessing via mobile devices these days, it makes sense to at least encrypt username/password details when logging in, but also useful to encrypt all site url's and associated web traffic.
 
#18
I already have certs, and I have had a few hackers from my previous forums that were able to capture login credentials. So now I rather stick to https for all login processes. I have hired a small CentOS security team to secure my sever as best as possible from attacks.