Not an issue: SSL Login?

Discussion in 'Site Problems & Feedback' started by chaos945, Apr 16, 2010.

Thread Status:
Not open for further replies.
  1. chaos945

    chaos945 Moderator

    Messages:
    934
  2. American Zombie

    American Zombie Moderator Staff Member Political User

    Messages:
    2,931
    Location:
    Seattle
    Why would you need this for a forum?
     
  3. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    I've considered implementing this many times, and it is entirely possible, however each time it comes down to "why?", especially since implementing it for just login changes nothing.

    The rest of the content would still be hosted over http as it is too expensive CPU wise to do everything over HTTP, and since after login a cookie is set session hijacking is still possible (sure, the attackers might not have your username/password but they have your session, and can do anything they want as you).

    Unless we (osnn.net management) decided to go fully SSL secured, and take the CPU/caching hit, having SSL secured login would be a false sense of security.

    If you are browsing from a network that you believe has been compromised you shouldn't be doing any browsing unless you VPN to a remote server that can be trusted, and you have verified your own computer hasn't been compromised. SSL secured logins won't help against computers that have been compromised locally. Internet Cafe computers for example are always suspect and should always be used with caution.
     
Thread Status:
Not open for further replies.