Page 1 of 1

using https

Posted: Wed Jun 29, 2005 12:47 pm
by sumeet
I made a web portal ... but now i want to use secure connection so that i canb send the passwords and all in encrypted form over the network .. can someone explain me or gimme some script to implement it ?? i saw some sites to explain htts thing but cudnt get how to implement in my already running php code !!! plz hepl me its urgent ..

Posted: Wed Jun 29, 2005 1:01 pm
by Burrito
already have a certificate on the server do you?

required to change NOTHING on the php you will be (assuming no cURL etc).

if a certificate you don't have, purchase and install one you must. Visit a CA site you should:

thawte, verisign etc.

Posted: Wed Jun 29, 2005 1:15 pm
by sumeet
No i dont hav certificate and all isnt there some way to send and recieve data without using those certificates ?? some openssl things !

quote="Burrito"]already have a certificate on the server do you?

required to change NOTHING on the php you will be (assuming no cURL etc).

if a certificate you don't have, purchase and install one you must. Visit a CA site you should:

thawte, verisign etc.[/quote]

Posted: Wed Jun 29, 2005 1:18 pm
by pickle
... in other words (and with proper gramatical structure :) )

PHP doesn't care if it's accessed over https or http. That's all handled by the web server. To setup https, you're going to need to buy a security certificate and install it in your server. ~Burrito gave you links to common places to get certificates.

If you're just looking at sending secure passwords, you may be able to get something working with md5. It may be possible to use javascript to make an md5 hash of the password before it is submitted. Then, use PHP to compare that md5 hash with the hash stored in the database (or make a hash of the plain-text password in a database. By the way, that's a BAD idea if you didn't know).

Posted: Wed Jun 29, 2005 1:24 pm
by sumeet
Thanks for puttin it in easy way for me .. but i was lookin at openssl_seal() and openssl_open() just now .. can these funcs help me to perform these tasks ??
pickle wrote:... in other words (and with proper gramatical structure :) )

PHP doesn't care if it's accessed over https or http. That's all handled by the web server. To setup https, you're going to need to buy a security certificate and install it in your server. ~Burrito gave you links to common places to get certificates.

If you're just looking at sending secure passwords, you may be able to get something working with md5. It may be possible to use javascript to make an md5 hash of the password before it is submitted. Then, use PHP to compare that md5 hash with the hash stored in the database (or make a hash of the plain-text password in a database. By the way, that's a BAD idea if you didn't know).

Posted: Wed Jun 29, 2005 2:33 pm
by pickle
In short, no. From what I could read, these functions use an ssl certificate - which is what you'd need if you set up https anyway. I wouldn't worry about using these functions.