Topic: SSL and SSL Cookies Question
Hi, I'm looking around for forum software and I think that PunBB or FluxBB would support my needs best.
But one thing I am unclear about is whether the forum supports SSL and especially SSL cookies.
From a couple postings, it seems the forum will authenticate and transmit all pages under SSL, which is good. I can't have any data leaking out via unencrypted HTTP.
But things are unclear as to SSL cookies. For my motivation, please see http://fscked.org/blog/fully-automated- … -hijacking.
Basically if cookies are allowed to be transmitted in the clear, then a guy can hijack the request (through a number of means) and force the browser to send the cookie in the clear. I am hoping that PunBB will protect against that.
Thanks