June 28, 2011 in Feedback
I have a question, why is HTTPS only the login? I'm not real familiar with HTTPS, but I noticed vBulletin has it on their entire site. Does it make the server slower, or is it not worth doing the entire data protocol?
If there's only positive it can do, why not add it to IP.Board or have a more advanced HTTPS settings module?
HTTPS encrypts data transmitted between the server and your browser. It does slow down the data transactions. The only time we consider it even remotely important is on login because that is the only time your password is ever sent in plain text.
I understand, thanks for clearing that up. :)
I should say that some of our clients use https for their entire community because they are talking about sensitive things. These are mostly banking or intranet clients. I cannot see the need to encrypt data on most communities.
I should add that HTTPS communication doesn't automatically mean that the connection is secure. Since a lot of objects on vBulletin's pages are not secured by SSL, the connection and data transmission can be eavesdropped by malicious bytes.
That's only true of those non-secure parts though :)
It's also worth noting that IP.Board *does* allow you to encrypt the entire transaction as Charles alluded to earlier. You simply set your board_url or base_url in conf_global.php to use https instead of http. As Charles indicated, however, the extra overhead is generally not worth it for most communities.
I've just switched my login and registration screens to HTTPS, going through a painful process of pleasing IE9, which insisted there was insecure content. What a pain in the proverbial behind.
I've also secured my ACP through HTTPS as well, using a guide in the documentation area: http://community.invisionpower.com/resources/articles.html/_/ipboard-3x/simple-modifications/how-to-require-ssl-for-admin-cp-r532
I've seen other solutions for securing the ACP, but this one is definitely my preferred. The only other thing I am likely to do is rename the admin folder.
This topic is now archived and is closed to further replies.