a fiddly SSL/php/mysql question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
calebsg
Forum Commoner
Posts: 28
Joined: Tue Jun 18, 2002 10:41 am

a fiddly SSL/php/mysql question

Post by calebsg »

My web host has given me 1 meg of space on their SSL server as https://www.theirserver.com/~mydomain and then I have all of my site currently on http://www.mydomain.ca

My experience with php & mysql is growing but I'm totally green on SSL.

I have some sensitive information in the MySQL db that needs to be displayed occasionally to the currently logged in user when appropriate. How do i get that info to the user via SSL? Should I stick all my php pages on the SSL server, or isolate some include files with the SQL queries on the SSL server or what? I just don't know where to begin.

Ideally I would have my own certificate and do the whole shebang SSL but that isn't the case so I have to work within these constraints.

Hopefully I made it clear, but if it's muddy I'll be happy to clarify my situation.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

If you split your pages between two servers you will lose the user-login information unless you put it somehow in the new request.
If the request was on https the answer will be sent back secured too, if it wasn't the answer is unsecured wether coming from a https-capable server or not
will
Forum Contributor
Posts: 120
Joined: Fri Jun 21, 2002 9:38 am
Location: Memphis, TN

Post by will »

along the same lines.... do you know if a session will remain open from a non-secure to a secure server? they're on the same physical box (i think), and i could pass the SID in the URL.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

as soon as I have installed DevStudio to compile the mod_ssl for apache or have reactivated the linux box (yes, i crashed it again :( ) I will try. curious, too.
Post Reply