Jump to content

Why does IP.Board only support https for the login page?


Recommended Posts


Shouldn't it be on every page when you are logged in? I can still steal someone's cookie information if I really wanted to if it's not from an https.


You can enable it JUST for the login page, OR for the entire site. Some people find it more convenient to enable it for the login page only.
Link to comment
Share on other sites

You can use HTTPS for everything by changing your board's URL. We added a setting to force HTTPS for logins because that's when more security might be needed than a typical http session. Sending everything over HTTPS is slower and requires more bandwidth but it's supported. :)

Link to comment
Share on other sites

I can still steal someone's cookie information if I really wanted to if it's not from an https.


For what it's worth... no you can't. Not unless you have intentionally loosened IP.Board's security settings to allow that to be accomplished. For one thing, the session cookies are HttpOnly, so they can't be accessed by Javascript at all.
Link to comment
Share on other sites

Honestly though, I would find the setting so much more useful if IPS gave us more freedom to specify it for an APP for URL Structure... Example, Having it in the Nexus or Subscriptions APP would be perfect. I know that i could do this manually however it would be really nice if you guys went into that direction for this specific setting... seeing as how not many will use it for login but surely for something else.

Link to comment
Share on other sites


Honestly though, I would find the setting so much more useful if IPS gave us more freedom to specify it for an APP for URL Structure... Example, Having it in the Nexus or Subscriptions APP would be perfect. I know that i could do this manually however it would be really nice if you guys went into that direction for this specific setting... seeing as how not many will use it for login but surely for something else.




Nexus has it's own setting to enable https on appropriate pages.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...