sysdev wrote:SMF has a mod for it. Many CMS platforms have secure login capabilities as well.
It is possible to do this with phpBB3 without a MOD, but as explained, it would be for the entire site. I don't know of anybody that has done this for just login and registration though. Why not make it the whole thing?
I don't think it's an unreasonable or 'paranoid' question or request - especially in this day and age where identity theft is as prevailent as it is. I wouldn't want my admin login to be packet-sniffed and then my board be hacked by a spambot that inserts malicious code. Heck I wouldn't want my login information to be sniffed by my own network administrators - and yes, they do that.
It has been explained many times to Robert that people have their reasons for wanting SSL on their board (otherwise it wouldn't be offered as a feature ...) and he shouldn't try to talk them out of it, so don't mind him.
If SSL is available to protect sensitive content from prying eyes, then why not add that capibility for logins and registrations without having to wrap the entire board in SSL? That way you, and your forum's users (particularly the 'paranoid' ones), will be more content that their login information is less vulnerable to packet sniffers, and your board will still perform well because only the sensitive content will be secured via SSL.
Unless you can find a MOD, or someone willing to write such a MOD (I don't think it'd be that difficult, but then you run in to potential cookie issues), this would be a feature request for the devs.
And by the way, you bet I secure my email via SSL. I wouldn't have it any other way!
Which is why Google's gmail requires ssl connections to their SMTP and POP3/IMAP services. Many people do that.