View Full Version : Building a secure forum
slap happy
10-13-2011, 02:35 PM
Morning,
By way of intro: I've been using vbulletin as a user for sometime, have setup several forums with phpbb.
My question:
I need to build a closed and secure forum, meaning the entire connection will need to be encrypted, not just the login. After several attempts at searching this forum I came up empty. I have even searched the manual.
I could probably use some pre-sales assistance.
Thanx in advance,
Dan
--
River J
10-13-2011, 03:14 PM
So you need a forum that only people that you want can go to? You could do that from the .htaccess file and restrict only certain IPs from going to the site.
BirdOPrey5
10-13-2011, 03:47 PM
You can encrypt the connection with SSL but the content in the database is not encrypted and is not an option on a stock vbulletin install. It may be possible via custom modification but it would not be supported.
slap happy
10-13-2011, 07:12 PM
I do not know how a forum is structured, but the content needs to be protected and logins confidential. I have also read where some admins have difficulty with the forum software functioning in an SSL environment.
Is there a good functional description of vbulletin?
BirdOPrey5
10-14-2011, 01:31 AM
I don't know what you mean by a "functional description." The Manual (http://www.vbulletin.com/docs/html/) is available online.
There should be no issues with SSL. vBulletin.com has been running with SSL for months. I was a member of even old 3.x forums that ran with SSL. If someone is having a problem they probably didn't know how to properly setup SSL.
Alfa1
10-14-2011, 11:12 AM
You can simple install vbulletin in a private_html directory, add a ssl certificate and allow your users to browse through https. You do not need any special adjustments to vbulletin.
If you only want members to see the forum contents, then adjust your usergroup settings to reflect this.
souperman
10-20-2011, 01:04 AM
It's simple. Add a piece of code/hook to your global file that redirect to https if user is on http. Then set the cookie params to secure only, and set it to http-only.
CodeClutch
11-18-2011, 05:02 PM
I have to jump on the bandwagon here and agree, ssl is the way to go. Theoretically, the system COULD be setup to encrypt the entries in the database, but I can't imagine it being an advantage or 100% secure. Even with my knowledge of the product/plugin system, it would most likely be a hefty re-working of the code, that probably would require modifying the stock vbulletin files.
Judging from the sound of it, I'm guessing you are selling access to certain areas of the forum? If you could provide an idea of the usage you are looking for, we could probably better answer your questions.
vBulletin® v3.8.12 by vBS, Copyright ©2000-2024, vBulletin Solutions Inc.