Force SSL on Forum

Started by warmwaffles, November 02, 2013, 10:29:40 AM


warmwaffles

Should be a no-brainer. You need to be forcing SSL on the connection to the forum. Otherwise, usernames and passwords are sent in clear text over the wire.

Sliverine

The question is whether the usernames and passwords are important enough to be utilizing SSL over. It's simply a username and password to a simple forum which, incidentally, is not exactly very huge so utilizing security protocols for this would be nice but not exactly a requirement, considering the scenario. Plus, the overhead incurred from the use of SSL and the complications that might occur are all factors to be considered.

warmwaffles

Quote from: Sliverine on November 02, 2013, 12:21:02 PM
The question is whether the usernames and passwords are important enough to be utilizing SSL over. It's simply a username and password to a simple forum which, incidentally, is not exactly very huge so utilizing security protocols for this would be nice but not exactly a requirement, considering the scenario. Plus, the overhead incurred from the use of SSL and the complications that might occur are all factors to be considered.

Of course it's important. There is no reason not to. Passwords are sent over plain text. Not everyone is going to keep separate credentials for their accounts. This is a disservice to everyone by not having it. I use multiple accounts, but that does not mean you do.

Security doesn't just stop at SSL either.