SSL enabled admin site

[DaveH]

Do any of the admin know if we could protect the login to the admin cp with SSL? It's in the clear now and I'd hate for an admin's pw to be compromised.. I'll poke around with it, but I thought i'd ask too.

Even if it's a self signed cert, it would work.

 

[AR Husker Fan]

I don't see SSL level protection; the software can add HTTP authentication in the "/admin/" directory with a .htaccess file, but that doesn't address the password issue.

 

[slacker]

We'd have to purchase a certificate for the www sub-doman and then you could log in using either the https://www... address or http://www... address. Why the concern? I'd think if anyone could intercept an admins login credentials they'd be able to hack in without them.

 

[DaveH]

We'd have to purchase a certificate for the www sub-doman and then you could log in using either the https://www... address or http://www... address. Why the concern? I'd think if anyone could intercept an admins login credentials they'd be able to hack in without them.

Really, probably the biggest concern is logging in on an unsecured wireless network that could be easily sniffed. The risk, though, is pretty low IMO.

Also, on a wired network the risk is pretty low, considering man in the middle attacks are very sparse on the internet.

I was at a conference this week where unsecured wireless networks were used en masse. I sniffed the traffic out of my own wLAN nic and noticed that the pw's are transmitted in the clear, which prompted me thinking about it