mitsos Posted May 1, 2014 Report Posted May 1, 2014 Since I didn't see a forum related to the forum (no pun intended) I'm posting this here. Please set up redirect/rewrite for the forum to point to https. People arriving here and clicking the sign in button don't realise that the connection isn't encrypted. Even when on the https site though, the signing in triggers a "to be sent over unencrypted etc...etc..." error. In other words, please enable all HTTPS for the forum, no regular version. Defense against this being that it will impose a higher load on the server, are, IMHO, not valid, since the load is minimal. Thank you
Paul Posted May 1, 2014 Report Posted May 1, 2014 Thanks for the suggestion, I'll take a look at this shortly. When you use HTTPS it complains about some resources that link directly to http, so I need to figure out what's going on there first.
mitsos Posted May 2, 2014 Author Report Posted May 2, 2014 Linking something with http when using https shouldn't be a problem, since only that is left unencrypted. From a performance viewpoint, I found that the performance impact is so minimal, I always set up http > https redirects when a customer of mine orders an SSL certificate for his/her site.
S-Jack Posted May 3, 2014 Report Posted May 3, 2014 On 5/1/2014 at 7:36 PM, Paul said: Thanks for the suggestion, I'll take a look at this shortly. When you use HTTPS it complains about some resources that link directly to http, so I need to figure out what's going on there first. The logo is one of them the actual link for it is "http://staging.blesta.com/forums/public/style_images/1_blesta-logo-ipboard.png" not https://www.blesta.com/forums/ or something
John Posted April 18, 2016 Report Posted April 18, 2016 I know this is a major topic bump, but SSL has not been implemented on the forum yet. Can we get it implemented sometime soon? Especially since we are sending usernames and passwords over an unencrypted connection. It does not even need to be forced, just an option for those of us who want it.
Paul Posted April 18, 2016 Report Posted April 18, 2016 On 4/18/2016 at 6:14 PM, John said: I know this is a major topic bump, but SSL has not been implemented on the forum yet. Can we get it implemented sometime soon? Especially since we are sending usernames and passwords over an unencrypted connection. It does not even need to be forced, just an option for those of us who want it. We will be deploying a new server with a new website in the v4.0 timeline and forcing HTTPS for all connections. It's an issue currently with the existing website, and the current server. Soon Michael and John 2
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now