Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-15053

Confirm to users that wish to register or log-in over an insecure connection of http (port 80)

XMLWordPrintable

    • Icon: New Feature New Feature
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • 4.0.0-a1, 3.3
    • Login, Sessions
    • PHP 7.1+, MySQL 5.7.17+, Firefox 51.0+

      When a forum runs http (port 80), and not a secured connection with https (port 443), a warning page should be displayed prompting users to confirm that they wish to log in over an insecure connection. This page should be displayed for those that are registering and for people logging in. When a site does support https (port 443), there should be no prompt, warning, or confirmation displayed to anyone.

      This is a security trend that is being adopted by Mozilla starting with Firefox 51.0, and by WordPress as shown here:

      http://www.tomshardware.com/news/firefox-chrome-http-login-pages,33468.html
      https://wordpress.org/news/2016/12/moving-toward-ssl/

      phpBB should take a proactive approach to this as well so that forum admins and site owners are encouraged to move their site towards https (SSL/TLS).

      My topic:

      https://www.phpbb.com/community/viewtopic.php?f=64&t=2405346

            Marc Marc
            Heo32 Heo32
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: