Page 1 of 1

Can I build a php website then get SSL

Posted: Sat Aug 07, 2010 3:20 pm
by thomas49th
Hi, I wish to use SSL to prevent eavesdropping on my website. Can I develop my whole website without worrying about SSL yet then when it's finished simply purchase a SSL ticket and away I go? Or do I have to design with SSL functionality in mind?

Thanks
Thomas

Re: Can I build a php website then get SSL

Posted: Sat Aug 07, 2010 4:40 pm
by thomas49th
Sorry that was a little vague

Try this:

does SSL simply just not work over the top of the website?? I have little idea how it is to be implemented. I am concerned that because I'm writing a piece of software which interfaces with php scripts. So for logining in I send http://mysite.com/login.php?username=tom&password=test
then the php scripts connects to the mysql database and responds with yes or no. My software needs to send the username and password in encrypted form so noone can eavesdrop. Is getting an SSL certificate the right way to go. For testing purposes I was thinking of getting a certificate from startsll.com before maybe purchasing a real one later on.

My website runs C Panel, where there is a section of SSL/TLS management.

Sorry I am new to all of this.

Thanks
Thomas

Re: Can I build a php website then get SSL

Posted: Mon Aug 16, 2010 10:59 am
by timWebUK
You really shouldn't be sending a username and password via GET.

i.e.

.php?username=tim&password=test

Use POST. Send the data in the background - be sure to hash the password at the other end before you store it. Please search the forum for more details on this subject, there are plenty of resources.

Remember security is a large subject of many layers, don't just rely on one method or technology. Make SSL/TLS an additional lock the door.

Re: Can I build a php website then get SSL

Posted: Tue Aug 17, 2010 4:46 am
by Mordred
To answer the original question: yes, you can fully develop the site, then use SSL for parts or the whole site. The only difference is that SSL links would start with https. Also, read up on "secure" flag for cookies and use it on your login tokens.

Re: Can I build a php website then get SSL

Posted: Tue Aug 17, 2010 7:21 pm
by flying_circus
Mordred wrote:To answer the original question: yes, you can fully develop the site, then use SSL for parts or the whole site. The only difference is that SSL links would start with https. Also, read up on "secure" flag for cookies and use it on your login tokens.
Mordred,

Can we rely on the secure flag now? I didnt think it was supported on all browsers (though, I suppose thats not an excuse to refrain from implementing it).