using https

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
sumeet
Forum Newbie
Posts: 15
Joined: Mon May 23, 2005 3:55 pm
Location: Hyderabad
Contact:

using https

Post by sumeet »

I made a web portal ... but now i want to use secure connection so that i canb send the passwords and all in encrypted form over the network .. can someone explain me or gimme some script to implement it ?? i saw some sites to explain htts thing but cudnt get how to implement in my already running php code !!! plz hepl me its urgent ..
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

already have a certificate on the server do you?

required to change NOTHING on the php you will be (assuming no cURL etc).

if a certificate you don't have, purchase and install one you must. Visit a CA site you should:

thawte, verisign etc.
sumeet
Forum Newbie
Posts: 15
Joined: Mon May 23, 2005 3:55 pm
Location: Hyderabad
Contact:

Post by sumeet »

No i dont hav certificate and all isnt there some way to send and recieve data without using those certificates ?? some openssl things !

quote="Burrito"]already have a certificate on the server do you?

required to change NOTHING on the php you will be (assuming no cURL etc).

if a certificate you don't have, purchase and install one you must. Visit a CA site you should:

thawte, verisign etc.[/quote]
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

... in other words (and with proper gramatical structure :) )

PHP doesn't care if it's accessed over https or http. That's all handled by the web server. To setup https, you're going to need to buy a security certificate and install it in your server. ~Burrito gave you links to common places to get certificates.

If you're just looking at sending secure passwords, you may be able to get something working with md5. It may be possible to use javascript to make an md5 hash of the password before it is submitted. Then, use PHP to compare that md5 hash with the hash stored in the database (or make a hash of the plain-text password in a database. By the way, that's a BAD idea if you didn't know).
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
sumeet
Forum Newbie
Posts: 15
Joined: Mon May 23, 2005 3:55 pm
Location: Hyderabad
Contact:

Post by sumeet »

Thanks for puttin it in easy way for me .. but i was lookin at openssl_seal() and openssl_open() just now .. can these funcs help me to perform these tasks ??
pickle wrote:... in other words (and with proper gramatical structure :) )

PHP doesn't care if it's accessed over https or http. That's all handled by the web server. To setup https, you're going to need to buy a security certificate and install it in your server. ~Burrito gave you links to common places to get certificates.

If you're just looking at sending secure passwords, you may be able to get something working with md5. It may be possible to use javascript to make an md5 hash of the password before it is submitted. Then, use PHP to compare that md5 hash with the hash stored in the database (or make a hash of the plain-text password in a database. By the way, that's a BAD idea if you didn't know).
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

In short, no. From what I could read, these functions use an ssl certificate - which is what you'd need if you set up https anyway. I wouldn't worry about using these functions.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply