Jump to content

Full SSL support


Makoto
 Share

Recommended Posts

  • 2 weeks later...

I think I'm about to pull the trigger on purchasing IPS, but I'm a bit surprised to see this is not available. Security is a key point of concern, not just for the operation of the site, but even for the subject matter of my planned site. I would very much like to see this implemented if I do purchase.

Link to comment
Share on other sites

Yeah. You make a good point.

There was actually one other thing I wanted to post about.

When forcing SSL that way, the site still loads images from style_images (such as your logo and emoticons) using HTTP, not HTTPS.

I'm looking for a simple way to fix that right now.

Link to comment
Share on other sites

Specifying a manual link to the logo (overriding {style_images_url}) works.

Emoticons are still pulling from HTTP, but other than that, everything works well.

A few users are complaining about an odd issue in Safari ever since switching, but I don't see how that's relevant.

I won't bother posting about it until I get more information.

Link to comment
Share on other sites

You will have trouble with any content pulled from outside such as adverts and posts with images from the likes of Photo Bucket but anything from inside your domain such as public/style_images/* should be fine. I'm beginning to wonder whether it is worth the effort honestly because a partial encryption warning to the visitor is worse than no encryption.

Link to comment
Share on other sites


You will have trouble with any content pulled from outside such as adverts and posts with images from the likes of Photo Bucket but anything from inside your domain such as public/style_images/* should be fine. I'm beginning to wonder whether it is worth the effort honestly because a partial encryption warning to the visitor is worse than no encryption.



I did take this into factor.

I think AdSense even uses HTTPS, but I don't even have any adverts on my site whatsoever.

However, I just think it's nice to have that "fully encrypted" image where possible, even if it's only on the board index.

Right now everything on the site (ACP included) is fully encrypted without issue. Only when opening threads with smileys or external image links does it show partial encryption.

So I'm happy enough with how it is now.
Link to comment
Share on other sites

i don't think full SSL work. you need to know that if you want to use full SSL no images may be use from different website.
Example an image that's from a external website for your avatar or signature, that make your SSL directly insecure...

you can use t his in your conf_global.php so you can access the admin pannel with SSL


$INFO['board_url'] = $GLOBALS['boardurl'] = (!empty($_SERVER['HTTPS']) ? 'https://' : 'http://') . 'www.yourwebsite.com';

and this on your admin folder in a .htaccess file


RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://domain.com/$1 [R,L]

Link to comment
Share on other sites


i don't think full SSL work. you need to know that if you want to use full SSL no images may be use from different website.


Example an image that's from a external website for your avatar or signature, that make your SSL directly insecure...



you can use t his in your conf_global.php so you can access the admin pannel with SSL




$INFO['board_url'] = $GLOBALS['boardurl'] = (!empty($_SERVER['HTTPS']) ? 'https://' : 'http://') . 'www.yourwebsite.com';

and this on your admin folder in a .htaccess file


RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://domain.com/$1 [R,L]



Of course. We've established that external images will break the "full" SSL status of a web page, but that doesn't really matter entirely.

If you actually care about security, I think partial encryption can be better than nothing at all. That "warning" is generally just a dialogue window most people disable after they first see it.

It's not a big issue.
Link to comment
Share on other sites

  • 4 weeks later...

As we said - full SSL support is already available ;)

1. Change the URL in conf_global.php
2. Go to Admin CP --> Look & Feel --> Template Tools - click "Recache Skin Sets"
3. Change the "Upload URL" under Admin CP --> System --> System Settings --> General Configuration

Link to comment
Share on other sites

  • 4 weeks later...

I think you're kind of missing the point. I think many admins would like to activate https for logged in members. That's what I need, and how I landed on this thread... is it possible to use http for guests, and https for members?




Currently you can't, the board can only use one or the other, there is an option for login's only to protect user info, if your concerned about security on another part of the site, run the whole site under ssl, the problem with running under ssl is you have to restrict your users from posting remote images, if you are ok with this then run the whole site as ssl and the problem is solved.
Link to comment
Share on other sites

run the whole site as ssl and the problem is solved.



The problem is that css is not served as files they are all embedded which is a terrible thing
Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...