Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-15053

Confirm to users that wish to register or log-in over an insecure connection of http (port 80)

    Details

      Description

      When a forum runs http (port 80), and not a secured connection with https (port 443), a warning page should be displayed prompting users to confirm that they wish to log in over an insecure connection. This page should be displayed for those that are registering and for people logging in. When a site does support https (port 443), there should be no prompt, warning, or confirmation displayed to anyone.

      This is a security trend that is being adopted by Mozilla starting with Firefox 51.0, and by WordPress as shown here:

      http://www.tomshardware.com/news/firefox-chrome-http-login-pages,33468.html
      https://wordpress.org/news/2016/12/moving-toward-ssl/

      phpBB should take a proactive approach to this as well so that forum admins and site owners are encouraged to move their site towards https (SSL/TLS).

      My topic:

      https://www.phpbb.com/community/viewtopic.php?f=64&t=2405346

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Heo32 Heo32
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: