Hi Dimas,
I'm sorry, there must be some confusion.
The vulnerability I am talking about only comes from using the login part of JomSocial...
When a guest is on my website SSL is not used as the guest is not able to input into any fields until they log on. I believe this is a standard setup.
When a user logs into the website using the normal joomla login module, the pages changes to HTTPS and the data is encrypted during transfer to the server.
However, when a user logs in using the JomSocial login module...
SSL is not used to encrypt the data while sending the information and the data can be intercepted.
As you can see, this has nothing to do with Jomsocial privacy features. When information is put into Jomsocial and set to private or members only, it is still being sent to the server unencrypted if the user has logged on using the Jomsocial login rather than the standard Joomla login module. Hense, the JomSocial login is causing a vulnerability in my website.
I would like to know how I can get the jomsocial login to use SSL in the same manner as the standard Joomla login module. This should not involve altering the SSL metherod... I would have thought it would involve providing an option in the backend of Jomsocial to make the jomsocial login use SSL the same as there is for the standard joomla login module. If this is not possible I would like the option to remove the jomsocial login module from the community page which would then force users to login using the standard Joomla module.
I hope this makes the problem clearer. I apologize again from any previous confusion.
kinds regards,
j