SMF Support > SMF 2.0.x Support

Secure login?

(1/7) > >>

razors edge:
Is it possible to make login a bit more secure using ssl or some other method? People using packet sniffer software are able to gain logins from the forum. Many of my members tend to be travelers and on the road alot so they login from hotels and coffee shops. What would be my best option for secure login?

Using smf 2.0.1

razors edge:
I was looking at the ssl keys and wanted to know can I just purchase a ssl key and use that for the entire site including the forums?

Based on another user's report... no, just purchasing the certificate and setting your site https will not actually work....   I assume there are probably places in the code which have to be changed form http to https....

I used to use the SMF Secure Login mod,,  on my forum before I upgraded to 2.0.1. It is not compatible with 2.0.1, so I tried modifying the url in settings.php, but numerous images in the theme are being delivered without ssl causing partial encryption errors.

I'm surprised that an ssl login option is not part of the forum itself as the application gets flagged if on a server that needs to have pci compliance scans. Any hope that this will be added in the future?

I agree that it would be a good idea to offer a way (a mod?) to allow at least a secure signon, as well as the entire site in SSL. It's not in the base code because most people couldn't care less that the public can read the posts (that's how you attract new members), and aren't concerned enough about password security to spring for the expense of an SSL certificate. If you have something else on the site that needs SSL (such as a store with credit card processing), it's no added expense. The one drawback is that the login procedure would have to be changed to go to a separate page (which could also handle registrations, password changes, lost passwords, etc.) in order to be under SSL. See Drupal as an example.


[0] Message Index

[#] Next page

Go to full version