Secure ECF login

[Ralph T]

Currently the username and password that we log into this forum with is not encrypted (https or ssl). Thus it is easily intercepted and could be used by someone else to impersonate a user. Is there any way we can get this fixed?

It would require an SSL certificate be purchased for the www.e-cigarette-forum.com domain and some tweaking of the server(s) to get it installed. Is this even possible with the vBulletin software the forum runs on?

 

[laborer75]

I doubt this is something they will pursue because I'm guessing all the links would have to be redirected from http to https. Can probably do it with .htaccess but cookie handling would suffer. I'm guessing members would have to relogin every time they visit because using https would eliminate md5 that vbulletin currently uses.

 

[Ralph T]

OK. Please disregard this question. I should have sniffed the packets before I asked the question. While not transmitted via SSL, the username and password are hashed into an MD5 sum and transmitted that way. Thus the actual username and password are not revealed. My bad.

 

[Caddyman]

OK. Please disregard this question. I should have sniffed the packets before I asked the question. While not transmitted via SSL, the username and password are hashed into an MD5 sum and transmitted that way. Thus the actual username and password are not revealed. My bad.

yeah vbulletin is one of, if not the most, secure bb platform on the net