TennShadow Posted December 30, 2016 Report Posted December 30, 2016 We all can agree that HTTP is not secure and anytime you login your username and password is sent in clear text. There have been several people try to add SSL to PHPVMS but have had alots of issues. I'm not sure what can be done to make SSL easier to use in the next gen version of PHPVMS but I an for it. I would go SSL if I could. Quote
web541 Posted December 30, 2016 Report Posted December 30, 2016 I would second this, I have found a way to do it with the current phpVMS, but I would suggest making the API Servers (e.g. Airport Lookup) HTTPS compatible as well because I've had to write a script to look up airports from a CSV file instead of use the lookup feature at the moment (errors such as Cross-Origin pop up in the console), but I guess you do have to sacrifice some things. Quote
savagegrave Posted January 1, 2017 Report Posted January 1, 2017 On 12/30/2016 at 6:29 PM, Keith said: We all can agree that HTTP is not secure and anytime you login your username and password is sent in clear text. There have been several people try to add SSL to PHPVMS but have had alots of issues. I'm not sure what can be done to make SSL easier to use in the next gen version of PHPVMS but I an for it. I would go SSL if I could. When i have built websites in the past and used SSL I've not always but the "whole" site under the HTTPS://. Im currently waiting for the newly acquired SSL certificate to become active and play with phpVMS (Sim pilots version) and see if there is a way to implement it without much problem. In the past I know it can be a pain in the rear end to fully implement, more so when calling javascript. I know google recomends using https: rather than http when using their CDN scripts. Back to the point I'm trying to make tho, I'm sure only implementing it on the "login" and "registration" controllers may solve issues since thats mainly the areas of clear text that we want to secure? Just a thought if its easier implantation your looking for.. Quote
magicflyer Posted January 1, 2017 Report Posted January 1, 2017 (edited) Just a couple of quick points: HTTPs is more secure Rumor is Google ranks you higher if your website holds an SSL. A lot of the major shared hosting providers now provide a free "Shared SSL" with your monthly package. When you use your website with an SSL, every external .js and .css files should/must be linked in https:// as well. Even if the place where .js and .css files aren't secured(Like the API server), adding https:// will still work. SSLs are dope ✌ That being said, you can easily create an independent login/registration page and have those pages secured through SSL. It shouldn't affect the rest of your website. I'd say secure the account page, and the change password fields as well. Edited January 1, 2017 by magicflyer Quote
TAV1702 Posted January 2, 2017 Report Posted January 2, 2017 yeah this is needed. I tried to run a site through ssl just recently and it was nothing short of a total disaster. Quote
Administrators simpilot Posted January 2, 2017 Administrators Report Posted January 2, 2017 I do not see this being an issue. The url for the system is set in one place and with the addition of a couple of .htaccess rules it should work without issue. As far as making some pages secure and some not I would have to think about that for a bit, there is always a way but the question brings up the question of if it is worth dividing the site up into separate pieces. If a server by chance is not using mod_rewrite then it can be faked using a hook. My goal from the beginning is to keep it as simple as possible as far as the management side. Quote
Administrators simpilot Posted January 3, 2017 Administrators Report Posted January 3, 2017 I just installed a SSL cert for the test instance and am having no issue at this point after changing the base url. The only thing that was a hang was the Google Maps API which just required a url change. I also installed one here for the forum as an added layer of protection but with all the linked images you may get "insecure connection" messages occasionally. I have the proxy plugin running to try and fix all the offsite linked images to work on the https domain but with the size of the database it si going to take some time to complete the update. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.