Jump to content

Community

Recommended Posts

I have a question, why is HTTPS only the login? I'm not real familiar with HTTPS, but I noticed vBulletin has it on their entire site. Does it make the server slower, or is it not worth doing the entire data protocol?

If there's only positive it can do, why not add it to IP.Board or have a more advanced HTTPS settings module.

Share this post


Link to post
Share on other sites

HTTPS encrypts data transmitted between the server and your browser. It does slow down the data transactions. The only time we consider it even remotely important is on login because that is the only time your password is ever sent in plain text.

Share this post


Link to post
Share on other sites

I should say that some of our clients use https for their entire community because they are talking about sensitive things. These are mostly banking or intranet clients. I cannot see the need to encrypt data on most communities.

Share this post


Link to post
Share on other sites

I should add that HTTPS communication doesn't automatically mean that the connection is secure. Since a lot of object on vBulletin's pages are not secured by SSL, the connection and data transmission can be eavesdropped by malicious bytes.

Share this post


Link to post
Share on other sites

It's also worth noting that IP.Board *does* allow you to encrypt the entire transaction as Charles alluded to earlier. You simply set your board_url or base_url in conf_global.php to use https instead of http. As Charles indicated, however, the extra overhead is generally not worth it for most communities.

Share this post


Link to post
Share on other sites

I've just switched my login and registration screens to HTTPS, going through a painful process if pleasing IE9 which insisted there was insecure content. What a pain in the proverbial behind.

I've also secured my ACP through HTTPS as well, using a guide in the documentation area: http://community.invisionpower.com/resources/articles.html/_/ipboard-3x/simple-modifications/how-to-require-ssl-for-admin-cp-r532

I've seen other solutions for securing the ACP, but this one is definitely my preferred. The only other thing I am likely to do is rename the admin folder.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy