Jump to content

Community

HTTPS


Seth Jones
 Share

Recommended Posts

I have a question, why is HTTPS only the login? I'm not real familiar with HTTPS, but I noticed vBulletin has it on their entire site. Does it make the server slower, or is it not worth doing the entire data protocol?

If there's only positive it can do, why not add it to IP.Board or have a more advanced HTTPS settings module.

Link to comment
Share on other sites

  • Management

HTTPS encrypts data transmitted between the server and your browser. It does slow down the data transactions. The only time we consider it even remotely important is on login because that is the only time your password is ever sent in plain text.

Link to comment
Share on other sites

  • Management

I should say that some of our clients use https for their entire community because they are talking about sensitive things. These are mostly banking or intranet clients. I cannot see the need to encrypt data on most communities.

Link to comment
Share on other sites

I should add that HTTPS communication doesn't automatically mean that the connection is secure. Since a lot of object on vBulletin's pages are not secured by SSL, the connection and data transmission can be eavesdropped by malicious bytes.

Link to comment
Share on other sites

It's also worth noting that IP.Board *does* allow you to encrypt the entire transaction as Charles alluded to earlier. You simply set your board_url or base_url in conf_global.php to use https instead of http. As Charles indicated, however, the extra overhead is generally not worth it for most communities.

Link to comment
Share on other sites

I've just switched my login and registration screens to HTTPS, going through a painful process if pleasing IE9 which insisted there was insecure content. What a pain in the proverbial behind.

I've also secured my ACP through HTTPS as well, using a guide in the documentation area: http://community.invisionpower.com/resources/articles.html/_/ipboard-3x/simple-modifications/how-to-require-ssl-for-admin-cp-r532

I've seen other solutions for securing the ACP, but this one is definitely my preferred. The only other thing I am likely to do is rename the admin folder.

Link to comment
Share on other sites

 Share

×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy