Loading...
 
Architecture / Installation

Architecture / Installation


Register not over SSL?

posts: 13

So, unless I'm missing something, this seems bad:

I've enabled (and enforce) logins to be over SSL (HTTPS), and it's working as intended. However, there seems to be no way to configure the system to use SSL for the registration phase. Which means, unless the user is very careful and explicitly changes the URL to be https:// when he registers, he'll send his password unencrypted over the wires.

I've temporarily fixed this myself by forcing the form request to go over SSL (modifying the template), but shouldn't this be configured similar to the login box? In fact, I think if I enable the "force" login over SSL feature, registration should also always be over SSL. A nice UI might also offer an "register securely" alternative link.

There are no comments at this time.

Upcoming Events

1)  18 Apr 2024 14:00 GMT-0000
Tiki Roundtable Meeting
2)  16 May 2024 14:00 GMT-0000
Tiki Roundtable Meeting
3)  20 Jun 2024 14:00 GMT-0000
Tiki Roundtable Meeting
4)  18 Jul 2024 14:00 GMT-0000
Tiki Roundtable Meeting
5)  15 Aug 2024 14:00 GMT-0000
Tiki Roundtable Meeting
6)  19 Sep 2024 14:00 GMT-0000
Tiki Roundtable Meeting
7) 
Tiki birthday
8)  17 Oct 2024 14:00 GMT-0000
Tiki Roundtable Meeting
9)  21 Nov 2024 14:00 GMT-0000
Tiki Roundtable Meeting
10)  19 Dec 2024 14:00 GMT-0000
Tiki Roundtable Meeting