Force HTTPS

angrymob · 26 February 2015 21:32

So I was curious, I think it would be a great implementation.
But for now, Anyone have any suggestions to force https on all pages.

Maybe a .httacess rule, or some code snippet. I just want to throw the idea out there.
I know i’m not the only one to think of it.

I am always concerned with all that data being sent plain text.

Just wanted to start a discussion

staganyi · 26 February 2015 21:43

I’m also interested in this.

Wieland · 26 February 2015 22:28

Hello,

if I have understood correctly, you want make https encryption in Suite directly?

We have solved this via web server and https made mandatory.

It also means the http - content as simple feeds can not be displayed. Even locale installations are likely to get in trouble. In addition, as would some strings in the source code to be adjusted.

Htacces is supposed to prevent access, regardless of the encryption …

Hot Topic

angrymob · 26 February 2015 23:12

I mentioned htaccess because on my previous searches I had seen some talk of using modrewrites to point to https.

I just think throwing it out there to the universe would serve well to consider https encryption for the crm as a good security measure. Keeping security in mind might allow healthcare and other industries to tap into suite. The more adoption the better and I could see security being an issue for many organizations looking to utilize suite with sensitive data.

Honestly I only have been learning php as much as I have thanks to sugar/suite existing. My exposure was many years back looking to generate and track invoices for my on the side computer repair gigs. I came across vtiger and then tried out sugar. Once suite arrived with all the much needed functionality I took off form there.

It has allowed the office I manage tech for to go almost paperless. Thats a huge impact.

But back on topic. Are you saying feeds would break if https were forced? what do you mean?

Maybe i’m looking at this form the wrong direction but I was curious as to how to implement this.

Wieland · 26 February 2015 23:31

Hello,

yes I’ve tried some CRM in recent years. SugarCRM simply offered the most possibilities, even integrations are concerned. We are very happy with that SuiteCRM the community is maintained and such fantastic work takes place …

Back to the question: We use an SSL certificate, which is absolutely necessary in my opinion, and have the WebServer set so that https is enforced. What it also means that http content such as RSS feeds or web page content in http can not be displayed. Unsafe content will be rejected. This can also paths in SuiteCRM concern linked via a URL. This must be precisely adjusted manually.

angrymob · 26 February 2015 23:51

I see, but that’s what I was wondering. How to I make https mandatory on the server?
So far We don’t use any of the feed functionality so it wouldn’t be an issue… Although it would be great to find ways of making it work in the future.

I wouldn’t mind just making my own cert and adding it to all the computers at our place. My server already has that our our pbx.

Enforcing this can help me find the unsafe content and adjust accordingly.

Thanks