KT Walrus Posted August 27, 2009 Share Posted August 27, 2009 In addition to the option to use HTTPS for password pages, I'd like to see an Admin CP setting to allow the user to access the board using HTTPS all the time (a per member preference). Also, I'd like to have a setting to force all users to use HTTPS. Also, the Admin CP should be accessible only over HTTPS (by a setting). This is the way my GMail company email works and some users would like to have the added security of accessing a board over HTTPS. I know HTTPS slows things down a bit and puts more of a load on the server, but I think it should be a supported option (especially for corporate forums or forums where content access is only by login and some content is only accessible to some members). Link to comment Share on other sites More sharing options...
bfarber Posted August 28, 2009 Share Posted August 28, 2009 You simply change your board url in conf_global.php to use https in this case. There's no need for a setting to do this. We have a bug report open on this and are likely going to add https support to the ACP when the login over HTTPS bug is fixed. I'm not sure yet if it will cover the entire ACP or just logging into the ACP.Also, I'd like to have a setting to force all users to use HTTPS.Also, the Admin CP should be accessible only over HTTPS (by a setting). Link to comment Share on other sites More sharing options...
KT Walrus Posted August 28, 2009 Author Share Posted August 28, 2009 I'd still like to see a user preference to enable HTTPS just for that user. HTTPS is slower and many users won't care to use this if it makes the board run slower. I also don't really want to enable it for everyone as it will just eat up more server resources for people who don't care about eavesdroppers. As for the ACP, I would think you would want the whole ACP covered by HTTPS since a lot (or some) of what you see and do in the ACP is sensitive. Of course, it is hard to see a hacker really going to the trouble to monitor all your traffic to and from the ACP. All they really would want is the ACP password. I restrict ACP to my IP (by configuring my webserver) so this is less of an issue for me, but I still wouldn't want my ACP password to be sent as plain text and subject to someone watching packets sent to and from my webserver. Link to comment Share on other sites More sharing options...
AtariAge Posted August 28, 2009 Share Posted August 28, 2009 Yeah, I'd like to use HTTPS for all ACP activity. I already have HTTPS login enabled on my forum. .Al Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.