Results 1 to 4 of 4
  1. #1
    Getting there....
    Join Date
    Oct 2010
    Location
    Near Utrecht, NL
    Posts
    272
    Thanked: 50

    Default SSL for logins/site?

    Hi guys, I just went to srp on an open wifi and noticed there is no port open for SSL connections. Could it be possible you get a really cheap certificate so we can have secured logins/sessions?

  2. #2
    This is not my actual head. HNSB's Avatar
    Join Date
    Nov 2009
    Location
    Middle of nowhere, Minnesota
    Posts
    4,623
    Thanked: 1371
    Blog Entries
    2

    Default

    Vbulletin doesn't support SSL login: https://www.vbulletin.com/forum/showthread.php/380120-Need-Info-on-how-to-configure-SSL-(https-)-for-login-pages

    Currently, passwords are md5 hashed which makes it much harder (but not impossible) for an eavesdropper to utilize it.

    Strange women lying in ponds distributing swords is no basis for a system of government.

  3. #3
    Getting there....
    Join Date
    Oct 2010
    Location
    Near Utrecht, NL
    Posts
    272
    Thanked: 50

    Default

    If your webserver does SSL/TLS, the application (vbulletin here) doesn't care about whether it is over SSL or not. The thread you linked is about logins only over SSL, if you get a cookie over SSL and use it on the unsecured pages, the cookie can get sniffed and you gain nothing.

    Also, relying on client-side java script support is sketchy (I have it turned off by default). I'm too lazy to find out whether the md5 is salted. But even then (the salt is passed to the client anyway). Also, MD5 isn't considered secure anymore.

    I wouldn't mind you guys just saying 'non!', as this isn't an important/high profile website. I was giving food for thought.

    Cheers!

  4. #4
    Never a dull moment hoglahoo's Avatar
    Join Date
    Feb 2008
    Location
    Tulsa, OK
    Posts
    8,922
    Thanked: 1501
    Blog Entries
    1

    Default

    Quote Originally Posted by BrickBag View Post
    this isn't an important/high profile website.
    What? I can't believe you said that! *sob*

    Quote Originally Posted by BrickBag View Post
    I was giving food for thought.
    At least our md5 is salted
    Find me on SRP's official chat in ##srp on Freenode. Link is at top of SRP's homepage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •