Dear Owall team
Could you please clarify whether I would need to use https to make sure all data are ciphered between a client and a server?
Or does Oxwall provide already certain level of "internal ciphering" ?
Thanks
Martin
We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
Secure Connection - https, tsl, ssl | Forum
Oxwall Tips
Sep 1 '15
You'd don't actually need any of those. The only thing You might want to protect are user passwords. Oxwall uses one way encryption, thus your passwords are safe.
Secure connection is also usually needed for payment operations. As far as I know most of the gateway plugins are designed in a way that transactions actually happen on gateway's side. Thus user enters his card number while being on for example papal.com, and PayPal does apply secure connection for that on their end.
Having https is a nice add on I would say, but it is optional. You will be perfectly fine without it.
Secure connection is also usually needed for payment operations. As far as I know most of the gateway plugins are designed in a way that transactions actually happen on gateway's side. Thus user enters his card number while being on for example papal.com, and PayPal does apply secure connection for that on their end.
Having https is a nice add on I would say, but it is optional. You will be perfectly fine without it.
Martin Baso
Sep 1 '15
Thanks for your feedback. I will have https anyway due to eshop under the same domain. Do I have to modify something in a code to enable Oxwall to "accept" https ?
Thank
Martin
Thank
Martin
Oxwall Tips
Sep 1 '15
+1 to Brian's reply. You might not get padlock sign closed right away. You can use firebug to find out which site content is still using http stead of https. Usually those are theme images ( might need to reupload) or external links.
ketkew
Sep 2 '15
And if you decide to serve your website via https only, than read also this topic because all http links posted will auto convert to https links. And if a certain website doesn't support https than your stuck with broken links.
Protocol relative URLs seems an option to fix the mixed content problem but I don't think this it's a high priority for the OW team..
You can run a non-ssl website for sure, but if your site is under attack than at least you would have a secure connection in your profile/login/logout and register section because it's quite easy to sniff credentials if your site isn't secure..
Protocol relative URLs seems an option to fix the mixed content problem but I don't think this it's a high priority for the OW team..
You can run a non-ssl website for sure, but if your site is under attack than at least you would have a secure connection in your profile/login/logout and register section because it's quite easy to sniff credentials if your site isn't secure..
Martin Baso
Sep 2 '15
Hi Guys thanks for your inputs. Still my feeling is that this http to https links converion issue should be fixed. The point is to make safe all pages not just admins.
In Europe we have very hard privacy protection laws and if something is going wrong the entire bussiness can shut down.
I read that this issue should be fixed in incomming Oxwall updates, Oxwall team pls. any update on this?
In Europe we have very hard privacy protection laws and if something is going wrong the entire bussiness can shut down.
I read that this issue should be fixed in incomming Oxwall updates, Oxwall team pls. any update on this?
Team Taissa
Sep 3 '15
Martin, I'm just a supporter, I cannot provide you information about what will be added to new releases. Please add your suggestion at Oxwall uservoice to show developers and our product designers what features are the most essential.
Also you can find actual information about Oxwall news in our blog, follow the link: http://blog.oxwall.org/. ;
Also you can find actual information about Oxwall news in our blog, follow the link: http://blog.oxwall.org/. ;
Martin Baso
Sep 4 '15
Thanks Taissa. Please last question. If I move to https before Oxwall installaton, will I face the same issues? Or this migraton to https is only problematic if applied to already existin Oxwall installation?
tammy harris
Sep 4 '15
you need htps for contact inporter and some other to work and in last few updates something is stopping you from turn ssl on for individual pages in htacess
if you start with none ssl and in time change to ssl theres no problem
but expect your site to run very slow for few hours as all db entries get changed to ssl
if you start with none ssl and in time change to ssl theres no problem
but expect your site to run very slow for few hours as all db entries get changed to ssl
Martin Baso
Sep 4 '15
Once Oxwall is installed under https, can I expct any issue if sombedy posts a a hyperlink with http.... ? I mean will it break this tlink?
Do you mean that the recent Oxwall revisions migh have a bug which is seen as none https protocol applied to some pages?
ketkew
Sep 5 '15
Again, if you serve your website complete under https and when you post 'http' links in for example the news feed than the http link will be converted to https. And if your posted URL doesn't serve SSL (https) than you're stuck with broken links..
Martin Baso
Sep 5 '15
How does facebook and other social network platforms deal with this problem?
To me this is no-go. I must have https due to very stric privacy protection laws in Europe but on the other side if I do I will receive broken links. Any way hot to rewrite this in httaccess if possible?
To me this is no-go. I must have https due to very stric privacy protection laws in Europe but on the other side if I do I will receive broken links. Any way hot to rewrite this in httaccess if possible?
tammy harris
Sep 5 '15
facebook and others download the image to there server then puts that image into link posts so its from https
tammy harris
Sep 7 '15
url are not changed so if you put in http url or https is does not change anything
ketkew
Sep 7 '15
In the newsfeed http links will be displayed as https after a page refresh (but the link itself doesn't change.. so yeah this works, but is more a cosmetic issue..).
But if you add a http link in your (custom) profile field than http will be switched to https.. and when you click that link.. its also https and that's not correct..
But if you add a http link in your (custom) profile field than http will be switched to https.. and when you click that link.. its also https and that's not correct..
Martin Baso
Sep 7 '15
..does it mean that the links should be entered without https prefix in Oxwall? Then should it work?
Martin Baso
Sep 8 '15
Hm but there is no real fix for this. It is really pretty limitting to use Oxwall for any serious webpage. Such a small bug will prevent to use Oxwall for any serious project. Such great software package and fails on such small details. Would be good if Oxwall developers fix this.
Really I cannot use Oxwall without ssl and if I use ssl I get broken links.
How canI pick up any vistoors? They will leave the site once the bug is discovered......
Martin Baso
Sep 9 '15
if developers wish to make this successful on a large scale they should consider to fix this bug...another downside is that this any private companies cannot use it without ssl otherwise they risk their bussiness
The Forum post is edited by Martin Baso Sep 9 '15
Martin Baso
Sep 10 '15
can anybody show me a high ranking page (poowered by Oxwall ) with thousands of daily visitors? I was looking for such site and could not find. The reason is simple this software package ( really great one ) is not ready to be used for any serious purpose. It is good for a very small private communities but not for any larger serious project due to described https issues above.
