Skip to:
Content
Pages
Categories
Search
Top
Bottom

BP https.

  • Avatar of yadigit
    yadigit
    Participant

    @yadigit

    @djpaul
    Sorry for saying that BP was not secure.
    I’ve installed other social networks and also tested them.
    (elgg, dolphin) and no passwords were sent over https..
    so my question is, how would I make the passwords not be sent over https.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Avatar of Hugo
    Hugo
    Moderator

    @hnla

    How were they sent then?
    To be honest this question you pose is more to do with you perhaps first having an understanding of protocols and how they work and what part applications that run on servers have in that process.

    I’m not trying to put you off the discussion, but this is not really an issue with buddypress unless you can come to us with some explanation of how in your tests you have arrived at the possible conclusion that bp is not secure in some fundamental way.

    Avatar of yadigit
    yadigit
    Participant

    @yadigit

    @hnla
    The website is hosted off of 1and1.com.
    Using wp 3.3.1
    and the newest BP ( not sure what version it’s at now )

    I used a program called netspark i believe,
    ( just had to reformat today to linux. Couldn’t stand Windows 7 >.< )
    One I get the program installed, I will screen shot the reports of a BP site, and a some other social CMS ( elgg. )
    The program pervades full details on why the passwords are being sent over https.
    I will also contact other BP sites with their permission and test their site too and take a screen shot of the results.

    Don’t get me wrong, Buddypress is one of the BEST plugins for WordPress.
    also, I will see if it has something to do with WordPress it’s self.

    The reason why im bringing this up is due to the fact that I installed Elgg on a different domain and the passwords were secure.

    Avatar of yadigit
    yadigit
    Participant

    @yadigit

    Disregard all comments about password transmitted over https.
    Found the problem…

    Avatar of Hugo
    Hugo
    Moderator

    @hnla

    :) and…

    Avatar of yadigit
    yadigit
    Participant

    @yadigit

    Sorry for the late reply.
    I built a page template for the activity page (activity page as the home page) using a IF user is logged in locate template mustlogin.php
    I took the login bar from the buddypress widget and placed it in the template.

    Same thing with the /register page.

    Also, I tested a recent buddypress site and the passwords weren’t sent over https. =D
    the problem was I created a template.

    Once I get time I’ll dig more into it and place the codes of the mistake.
    I will have them posted by tomorrow if you want.
    @hnla

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.