Comments on: HOWTO create your blog - anonymously http://livelyblog.com/archives/4 Get your own free personal blog Thu, 08 Jan 2009 13:41:00 +0000 http://wordpress.org/?v=2.6 By: admin http://livelyblog.com/archives/4#comment-38 admin Sun, 15 Apr 2007 23:58:25 +0000 http://livelyblog.com/2006/10/09/howto-create-your-blog-anonymously/#comment-38 It did for a while. And it will if we find out how to do it securely. WordPress MU is absolutely not made to be served over https. It is possible to change core files to make it login using https, but there are a whole lot of issues which makes https much less secure than it should be. If you login using https and your browser sometimes makes plaintext connections which sends the session cookie then you're just as unsecure as if you were not using https at all. The reason https is turned off alltogether right now is that we do not want to give you a false sense of security. Half-secure https gives you the impression that your connection remains encrypted when in fact it's not, so https won't be available until or unless we find out how to do it in a way that is really secure. It did for a while. And it will if we find out how to do it securely. WordPress MU is absolutely not made to be served over https. It is possible to change core files to make it login using https, but there are a whole lot of issues which makes https much less secure than it should be. If you login using https and your browser sometimes makes plaintext connections which sends the session cookie then you’re just as unsecure as if you were not using https at all.

The reason https is turned off alltogether right now is that we do not want to give you a false sense of security. Half-secure https gives you the impression that your connection remains encrypted when in fact it’s not, so https won’t be available until or unless we find out how to do it in a way that is really secure.

]]> By: kranjal http://livelyblog.com/archives/4#comment-35 kranjal Fri, 30 Mar 2007 04:10:21 +0000 http://livelyblog.com/2006/10/09/howto-create-your-blog-anonymously/#comment-35 I thought livelyblog used ssl encryption between the user and the server. I thought livelyblog used ssl encryption between the user and the server.

]]>