Just one idea here I'm throwing into the fire.. Give admin the ability to add a https url for user logins/logouts and the option to keep them logged in under ssl after login or not. Again, this would be optional for admin to use. I don't like the idea of running a site under https all the time personally and that's why I suggested optional.
Regards
We can't do that. Only you and your host can control that.
(2009-01-16, 02:02 AM)RenegadeFan Wrote: [ -> ]We can't do that. Only you and your host can control that.
Currently MyBB hard-codes the http extension so even if the host has ssl setup, it can't be used with MyBB.
And yes Hemi, this has been on the todo list for a while and is being considered for a future version.
I would think some custom edits would make this possible. SSL is of course controlled by your host. You would then need to edit member.php and the signup links to be https but it can be done if you spend the time to make these alterations. imho it's a fairly good idea to have the option.
In general, how easy is it for hackers to intercept (and read) the data with a HTTP login?
If they want to do it...they can. SSL is certainly a deeper level of protection though. You might want to ask yourself how valuable is the information you want to protect. Forum logins shouldn't be subject imho to high security. Certainly don't use the same password on a forum that you would say at Paypal or even your email address. That's just poor security.
Normally SSL logins are reserved for commerce sites where personal information may be stored. On a forums there is little that can be exposed.