Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
#1 2008-02-14 23:01:41
- cxn
- Member
- Registered: 2007-04-27
- Posts: 12
Encrypting traffic
Hi!
Currently all my commands to txp are sent in the clear (login names, passwords, authentication cookies, texts of articles, images etc) which is not good for my paranoia.
Encrypting with Javascript is not very good, because it is prone to man-in-the-middle attacks. I am looking for something more secure.
So…
is there a way to encrypt communications to textpattern admin interface?
Thanks in advance
keywords: ssl, ssh, encryption, traffic, certificate
Offline
Re: Encrypting traffic
Textpattern works on a HTTPS connection, too.
Offline
#3 2008-02-15 07:40:34
- cxn
- Member
- Registered: 2007-04-27
- Posts: 12
Re: Encrypting traffic
Yeah, I know but I don’t need to use encryption on all communication, just the admin stuff — the rest of the site could be unencrypted.
Something like ssh-client with ability to modify mysql databases would be perfect.
Searched the web and found nothing about secure login to the cms in general using open source products (except obviously ssl which encrypts all traffic).
Guess it is impossible at this moment.
Offline
Re: Encrypting traffic
Although I haven’t tested it in recent releases, the intended use of HTTPS in Textpattern is not restricted to an all-or-nothing decision. Use https://www.example.com/textpattern/ to access the backend, and use http://www.example.com/ as the public URL.
Offline
#5 2008-02-16 16:12:25
- cxn
- Member
- Registered: 2007-04-27
- Posts: 12
Re: Encrypting traffic
OK, thanks. I’ll keep that in mind.
Offline
Pages: 1