SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Apr 2014
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How to have HTTPS for login Page?

    I want to know how can i make my login page https and all other pages as http.
    So when a user sees login page, the site address should show https, and once they are in, it should be http.

    I feel this might be the right code, but I dont know what it does. Can you please let me know your thoughts please?
    Thanks in Advance.

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,861
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Why do you want to put a lock on the barn door and then knock down all the walls?

    The information that needs to be passed back and forth once they are logged in needs a secure connection at least as much if not more than the login page does. Without it someone would be able to steal their current access without even needing to know their password.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    SitePoint Member
    Join Date
    Apr 2014
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Steven for your response, but my main goal is to secure the user's credentials. Data is also important, but right now I am focusing just on the credentials because that is the key information in the network I am going to implement this solution. Also, if I install it throughout, my server performance might be affected.

  4. #4
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,861
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Installing https for the entire area accessed by the login shouldn't have any noticeable performance impact as it would only be the session id that needs to be encrypted by the certificate before a request is sent to the server.

    Also if you don't have the session id encrypted then someone who intercepts that would be able to get ALL the person's credentials from the server even though they are not included in the current request. Protecting just the login page will not actually protect any of their credentials as all will be accessible from the following page if that page doesn't use https.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  5. #5
    SitePoint Member
    Join Date
    Apr 2014
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Steven,

    Can you give me an example of how it will be available in other pages even if we use https for login page?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •