HTTPS


Seth Jones

I have a question, why is HTTPS only on the login? I'm not real familiar with HTTPS, but I noticed vBulletin has it on their entire site. Does it make the server slower, or is it not worth doing the entire data protocol?

If there's only positive it can do, why not add it to IP.Board or have a more advanced HTTPS settings module?


  • Management

HTTPS encrypts data transmitted between the server and your browser. It does slow down the data transactions. The only time we consider it even remotely important is on login because that is the only time your password is ever sent in plain text.


  • Management

I should say that some of our clients use https for their entire community because they are talking about sensitive things. These are mostly banking or intranet clients. I cannot see the need to encrypt data on most communities.


I should add that HTTPS communication doesn't automatically mean that the connection is secure. Since a lot of objects on vBulletin's pages are not secured by SSL, the connection and data transmission can be eavesdropped by malicious bytes.


It's also worth noting that IP.Board *does* allow you to encrypt the entire transaction as Charles alluded to earlier. You simply set your board_url or base_url in conf_global.php to use https instead of http. As Charles indicated, however, the extra overhead is generally not worth it for most communities.


I've just switched my login and registration screens to HTTPS, going through a painful process of pleasing IE9 which insisted there was insecure content. What a pain in the proverbial behind.

I've also secured my ACP through HTTPS as well, using a guide in the documentation area: http://community.invisionpower.com/resources/articles.html/_/ipboard-3x/simple-modifications/how-to-require-ssl-for-admin-cp-r532

I've seen other solutions for securing the ACP, but this one is definitely my preferred. The only other thing I am likely to do is rename the admin folder.

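The insecure-content warnings mentioned in the posts above appear when a page served over HTTPS still references `http://` resources. The following is an added example, not part of the original thread and not IP.Board code: it lists such references in a page's HTML so they can be fixed. The page URL and markup are constructed sample input.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs whose URL the browser loads or submits to.
URL_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"), ("object", "data"),
    ("form", "action"),
}
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "link"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for t, a in URL_ATTRS:
            if t == tag and attrs.get(a):
                self._check(tag, attrs[a])
        # Only stylesheet links are fetched and applied to the page.
        rel = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" in rel and attrs.get("href"):
            self._check(tag, attrs["href"])

    def _check(self, tag, raw_url):
        # Resolve relative and protocol-relative URLs against the page.
        url = urljoin(self.page_url, raw_url.strip())
        if urlparse(url).scheme == "http":
            kind = "form" if tag == "form" else (
                "active" if tag in ACTIVE_TAGS else "passive")
            self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only exists on HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample: a login page with three insecure references.
PAGE_URL = "https://forum.example/index.php?section=login"
SAMPLE_HTML = """
<link rel="stylesheet" href="/public/style.css">
<script src="http://cdn.example/jquery.js"></script>
<img src="http://forum.example/public/logo.png" />
<img src="//static.example/avatar.png">
<form action="http://forum.example/index.php?do=login" method="post"></form>
<a href="http://other.example/">plain links are not mixed content</a>
"""
```

A `form` finding on a login page matters most, because the password would be submitted over plain HTTP even though the page itself loaded over HTTPS.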

Archived

This topic is now archived and is closed to further replies.
