Eduardo Bautista Posted August 1, 2012 Share Posted August 1, 2012 Shouldn't it be on every page when you are logged in? I can still steal someone's cookie information if I really wanted to if it's not from an https. Link to comment Share on other sites More sharing options...
Mikey B Posted August 1, 2012 Share Posted August 1, 2012 Shouldn't it be on every page when you are logged in? I can still steal someone's cookie information if I really wanted to if it's not from an https.You can enable it JUST for the login page, OR for the entire site. Some people find it more convenient to enable it for the login page only. Link to comment Share on other sites More sharing options...
Collin S. Posted August 1, 2012 Share Posted August 1, 2012 You can use HTTPS for everything by changing your board's URL. We added a setting to force HTTPS for logins because that's when more security might be needed than a typical http session. Sending everything over HTTPS is slower and requires more bandwidth but it's supported. :) Link to comment Share on other sites More sharing options...
Ryan H. Posted August 1, 2012 Share Posted August 1, 2012 I can still steal someone's cookie information if I really wanted to if it's not from an https. For what it's worth... no you can't. Not unless you have intentionally loosened IP.Board's security settings to allow that to be accomplished. For one thing, the session cookies are HttpOnly, so they can't be accessed by Javascript at all. Link to comment Share on other sites More sharing options...
Nevo Posted August 2, 2012 Share Posted August 2, 2012 Honestly though, I would find the setting so much more useful if IPS gave us more freedom to specify it for an APP for URL Structure... Example, Having it in the Nexus or Subscriptions APP would be perfect. I know that i could do this manually however it would be really nice if you guys went into that direction for this specific setting... seeing as how not many will use it for login but surely for something else. Link to comment Share on other sites More sharing options...
Mark Posted August 2, 2012 Share Posted August 2, 2012 Honestly though, I would find the setting so much more useful if IPS gave us more freedom to specify it for an APP for URL Structure... Example, Having it in the Nexus or Subscriptions APP would be perfect. I know that i could do this manually however it would be really nice if you guys went into that direction for this specific setting... seeing as how not many will use it for login but surely for something else. Nexus has it's own setting to enable https on appropriate pages. Link to comment Share on other sites More sharing options...
Management Charles Posted August 2, 2012 Management Share Posted August 2, 2012 If you could steal someone's cookie that easily we would have rather large problems on the web :) Link to comment Share on other sites More sharing options...
Planetby Posted August 2, 2012 Share Posted August 2, 2012 Stop mentioning cookie's i'm hungry :lol: Link to comment Share on other sites More sharing options...
Eduardo Bautista Posted August 5, 2012 Author Share Posted August 5, 2012 If you could steal someone's cookie that easily we would have rather large problems on the web :smile:Well, this is mostly a problem on public wifi hotspots. I didn't mean stealing the cookie from someone using a different internet connection. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.