1

(0 replies, posted in PunBB 1.2 discussion)

Hi, I'm looking around for forum software and I think that PunBB or FluxBB would support my needs best.

But one thing I am unclear about is whether the forum supports SSL and especially SSL cookies.

From a couple postings, it seems the forum will authenticate and transmit all pages under SSL, which is good. I can't have any data leaking out via unencrypted HTTP.

But things are unclear as to SSL cookies. For my motivation, please see http://fscked.org/blog/fully-automated- … -hijacking.

Basically if cookies are allowed to be transmitted in the clear, then a guy can hijack the request (through a number of means) and force the browser to send the cookie in the clear. I am hoping that PunBB will protect against that.

Thanks