NYPHP.org

[joomla] Always use SSL?

Gary Mort garyamort at gmail.com
Fri Dec 3 13:44:32 EST 2010


With the release of Firesheep... and my nomadic system lifestyle, I am
seriously reconsidering my former view of "man in the middle" attacks as a
low priority issue.

Looking over the Remember Me plugin, I note that it is easily hijacked via
Firesheep to allow a user without too much technical sophistication to
impersonate someone on a Joomla-powered website if it is connected to
through normal HTTP instead of HTTPS.

The simple solution, which I am implementing for myself, is to set up a VPN
to an external system on the internet and tunnel all my traffic through
there.  That at least removes the issue with open wifi access.

While self-signed certificates can cause general users to become
uncomfortable and not wish to continue on a website, for my own sanity I'm
thinking a short little plugin that always redirects specific users who log
on to the https connection to log on again would be in order.
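
Added example, not part of the original message and not Joomla code: a check of a site's Set-Cookie headers that lists which cookies a browser would still send unencrypted on a plain http:// request, which is the traffic a listener on open wifi sees. The cookie names, values and the example.test host are constructed, and the sketch assumes every cookie is scoped to the same host with Path=/.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers a site might send after a login with
# "remember me" ticked. Names and values are made up for this example.
SAMPLE_SET_COOKIE = [
    "0f1e2d3c4b5a69788796a5b4c3d2e1f0=constructed-session-value; Path=/",
    "a1b2c3d4e5f60718293a4b5c6d7e8f90=constructed-remember-value; Max-Age=31536000; Path=/",
    "hardened_session=constructed-value; Path=/; Secure; HttpOnly",
]


def parse_set_cookie(header):
    """Return name and security-relevant attributes of one Set-Cookie header."""
    jar = SimpleCookie()
    jar.load(header)
    if not jar:
        raise ValueError("unparseable Set-Cookie header: %r" % header)
    name, morsel = next(iter(jar.items()))
    return {
        "name": name,
        "secure": bool(morsel["secure"]),
        "httponly": bool(morsel["httponly"]),
        # Long-lived cookies stay valuable to whoever captures them.
        "persistent": bool(morsel["expires"] or morsel["max-age"]),
    }


def cleartext_cookies(url, set_cookie_headers):
    """Cookies a browser attaches, unencrypted, to a request for `url`.

    Only the Secure attribute keeps a cookie off http:// requests. A redirect
    to https:// arrives after that first request has already been sent.
    """
    if urlsplit(url).scheme.lower() != "http":
        return []
    cookies = [parse_set_cookie(h) for h in set_cookie_headers]
    return [c for c in cookies if not c["secure"]]


if __name__ == "__main__":
    for c in cleartext_cookies("http://example.test/index.php", SAMPLE_SET_COOKIE):
        kind = "persistent" if c["persistent"] else "session"
        print("sent in cleartext: %s (%s cookie)" % (c["name"], kind))
```

A cookie reported here is exposed even if the login form itself was submitted over HTTPS, so a redirect-to-HTTPS plugin needs the Secure attribute on its cookies to close the gap.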