[PHPBB3-15053] Confirm to users that wish to register or log-in over an insecure connection of http (port 80)

XML

Word

Printable

Details

Type: New Feature
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 4.0.0-a1, 3.3
Fix Version/s: None
Component/s: Login, Sessions
Labels:
Environment:
PHP 7.1+, MySQL 5.7.17+, Firefox 51.0+

Description

When a forum runs http (port 80), and not a secured connection with https (port 443), a warning page should be displayed prompting users to confirm that they wish to log in over an insecure connection. This page should be displayed for those that are registering and for people logging in. When a site does support https (port 443), there should be no prompt, warning, or confirmation displayed to anyone.

This is a security trend that is being adopted by Mozilla starting with Firefox 51.0, and by WordPress as shown here:

http://www.tomshardware.com/news/firefox-chrome-http-login-pages,33468.html
https://wordpress.org/news/2016/12/moving-toward-ssl/

phpBB should take a proactive approach to this as well so that forum admins and site owners are encouraged to move their site towards https (SSL/TLS).

My topic:

https://www.phpbb.com/community/viewtopic.php?f=64&t=2405346

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Heo32

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 27/Jan/17 12:33 AM

Updated:: 01/Oct/17 5:42 PM