Safely moving session in and out of SSL
Posted: Wed Nov 07, 2012 8:32 am
Some hosts offer free shared SSL certs. But often to use them you have to route users through their shared SSL domain (like secure.hostname.com/~useraccount/index.html). This makes using SSL somewhat undesirable for the full session if it isn't necessary to encrypt everything.
Is there a recommended way to move in and out of SSL sessions securely?
I was thinking of:
1. Page A: (non-ssl) Create token and put in db with time stamp
2. Page A: (non-ssl) Pass hash+salt of token to ssl Page B
3. Page B: (ssl) Compare passed hash+salt with db token (hash+salt) and check time stamp for expiration (very short life span)
4. Page B: (ssl) Process sensitive user input.
5. Page B: (ssl) When done update db with new token/time stamp and pass hash+salt back to non-ssl Page C
6. Page C: (non-ssl) Compare db to passed token and time stamp and continue if valid
Other than going to all SSL pages, is there a better approach? (FYI the salt is there mostly because the first token to Page A is retrieved externally over an SSL connection, but I know nothing about how it is being generated or how safe/random it is).
This idea would be vulnerable to session hijack between A and B, or B and C. However I think the ultimate goal of keeping the data entered in Page B secure would still be achieved because in this application there is no way for users to retrieve/view the input data at any point in the process.
Thanks in advance
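The hand-off in steps 1-6 above, sketched as an added example that is not part of the original post: it shows the expiry check and makes each token single-use, so a value replayed after the first redemption is rejected. Assumptions: an in-memory SQLite table stands in for the site's db, HMAC-SHA256 keyed with the salt stands in for "hash+salt", and `handoff_id`, `issue`, `redeem`, `TTL_SECONDS` and `SALT` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

TTL_SECONDS = 30                  # assumed value for the "very short life span"
SALT = secrets.token_bytes(16)    # assumed: server-side salt known to pages A, B and C

# Constructed stand-in for the site's database.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE handoff (id TEXT PRIMARY KEY, token BLOB, issued REAL)")


def _digest(token: bytes) -> str:
    """Value that travels in the URL: salted hash of the stored token."""
    return hmac.new(SALT, token, hashlib.sha256).hexdigest()


def issue(now=None):
    """Steps 1-2 and 5: store a fresh token with a time stamp, return what is passed on."""
    now = time.time() if now is None else now
    handoff_id = secrets.token_hex(8)      # hypothetical row key sent with the digest
    token = secrets.token_bytes(32)
    db.execute("INSERT INTO handoff VALUES (?, ?, ?)", (handoff_id, token, now))
    return handoff_id, _digest(token)


def redeem(handoff_id, passed_digest, now=None):
    """Steps 3 and 6: compare with the db token, check expiry, allow one use only."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT token, issued FROM handoff WHERE id = ?", (handoff_id,)
    ).fetchone()
    if row is None:
        return False                       # unknown id, or token already used
    token, issued = row
    expired = now - issued > TTL_SECONDS
    matches = hmac.compare_digest(_digest(token).encode(), str(passed_digest).encode())
    if expired or matches:
        # Used or stale tokens are removed so a replayed URL fails.
        db.execute("DELETE FROM handoff WHERE id = ?", (handoff_id,))
    return matches and not expired
```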