Page 1 of 1

a fiddly SSL/php/mysql question

Posted: Thu Jun 27, 2002 12:23 pm
by calebsg
My web host has given me 1 meg of space on their SSL server as https://www.theirserver.com/~mydomain and then I have all of my site currently on http://www.mydomain.ca

My experience with php & mysql is growing but I'm totally green on SSL.

I have some sensitive information in the MySQL db that needs to be displayed occasionally to the currently logged in user when appropriate. How do i get that info to the user via SSL? Should I stick all my php pages on the SSL server, or isolate some include files with the SQL queries on the SSL server or what? I just don't know where to begin.

Ideally I would have my own certificate and do the whole shebang SSL but that isn't the case so I have to work within these constraints.

Hopefully I made it clear, but if it's muddy I'll be happy to clarify my situation.

Posted: Thu Jun 27, 2002 2:06 pm
by volka
If you split your pages between two servers you will lose the user-login information unless you put it somehow in the new request.
If the request was on https the answer will be sent back secured too, if it wasn't the answer is unsecured wether coming from a https-capable server or not

Posted: Thu Jun 27, 2002 2:17 pm
by will
along the same lines.... do you know if a session will remain open from a non-secure to a secure server? they're on the same physical box (i think), and i could pass the SID in the URL.

Posted: Thu Jun 27, 2002 2:23 pm
by volka
as soon as I have installed DevStudio to compile the mod_ssl for apache or have reactivated the linux box (yes, i crashed it again :( ) I will try. curious, too.