News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

SMF Secure Login

Started by 青山 素子, August 12, 2007, 03:12:00 PM

Previous topic - Next topic

青山 素子

Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Mr. Pirate

Can you update this please!

Thanks

青山 素子

As soon as I can. Right now, I'm working on getting a multi-million-dollar project launched for a client.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


ACA_web

I would also like to see this upgraded for SMF 2.0.1. Just want to let you know that the demand is out there. Hope your project went well or is still going well!

青山 素子

Thank you for the kind words. I hope to find the time to get this back and maintained.

The project launched on Sunday night/Monday morning. It's done okay so far, just mostly minor issues have been found, so now I'm going through the backlog of requests that got pushed away because of that project.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Aldo_MX

It was actually a trivial change... took me 5 mins to update it.

I removed support for 2.0 betas and increased version number to 1.0.5, hope you don't mind.

hxxp:aldo.mx/files/SMFSecureLogin_1-0-5.zip [nonactive]

青山 素子

Aldo, according to the license I released this under, redistribution is not allowed.

Actually, you know what? Whatever. Have fun. I will not support any modified versions.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


wlchase

Another hopeful fan, hoping you can get the time to update this mod.


Be well,
Bill
Bill http://www.czfirearms.us  SysAdmin

cfoellmann

#68
Any timeframe for an official release for the current smf version?

OR is the 1.4b sufficient for the current SMF?

ADD: Where can we submit patches? Using a GitHub repo?

青山 素子

Quote from: cfoellmann on September 03, 2012, 05:35:12 AM
Any timeframe for an official release for the current smf version?

When I have time. Right now, I'm quite backlogged. If you want full security, I advise putting the whole site under SSL.


Quote from: cfoellmann on September 03, 2012, 05:35:12 AM
ADD: Where can we submit patches? Using a GitHub repo?

Send them to me in PM for now. Keep in mind that the license is still currently the old SMF license but this may change in the future. Only send me code if you're fine with the license changing on any contributions. I do have a repository, but it's currently a private one over on BitBucket. If I do open it up to the public, you'll see it over there.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


ACA_web

Just wondering if others looking for logins under SSL have found another solution. I see the advice of putting the entire login under SSL, how exactly does one do this?

badon

I believe Apache can forward all HTTP URLs to HTTPS. As I understand it, SMF is about a decade behind the rest of the world in supporting HTTPS. That has made me consider possibly dumping SMF in favor of...vBulletin. That would be a shame.

青山 素子

Quote from: badon on December 25, 2012, 12:40:05 AM
I believe Apache can forward all HTTP URLs to HTTPS. As I understand it, SMF is about a decade behind the rest of the world in supporting HTTPS.

Huh? Can you explain what you mean?
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Paracelsus

To the MOD author, is this OK to be used in the most recent version of SMF 2.0.x?

青山 素子

I have not tested it, but you're free to try. If it installs without issue, it should work fine. Do not force it, or you could end up with a broken forum.

Please also make sure that SSL is functioning properly before turning things on, or it will break logins.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Dumke

Quote from: 青山 素子 on July 11, 2016, 12:17:22 AM
I have not tested it, but you're free to try. If it installs without issue, it should work fine. Do not force it, or you could end up with a broken forum.

Please also make sure that SSL is functioning properly before turning things on, or it will break logins.

It has alot of errors for me.
So i'd say probably wise not to install it.


BK_123

Is this mod going to be updated to support the latest version of SMF as I can't use any version of this mod with the latest SMF updates.

青山 素子

It might be updated eventually. However, given changes in the Internet, including the increased emphasis on securing the web, it is a better idea to run everything over SSL rather than the login process only.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


fritz_ch

#78
I know I dig out the dead but I desperately need to secure my login site via https. I run 2.0.15 now and I changed the forum url already to https and my forum can only be accessed when logged in. Nonetheless, the login page presented at forumhome now is still http by default.

wunderbunny

@fritz_ch, do you have any mixed content on your "forumhome" page?  All the links in your page should be coded "https://", not "http://".

Also, the information on these page might help you work out the problem.

https://www.simplemachines.org/community/index.php?topic=555034.0

https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content#mixed_content_weakens_https [nofollow]

Advertisement: