Using SSL with login

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Using SSL with login

Post by seodevhead »

If you have a Secure Socket Layer, is it ALWAYS best to point any login form (user auth) to the https (SSL) login script? I have a members area on my website that I am building and I would like to have the features an SSL provides - as far as security - but I do not want my users to have to see that pop-up that says "You are about to enter a secure zone (or whatever) - Would you like to continue?" and such (do you know what I'm talkin bout?).

Is there any way to use the SSL without having those annoying popups asking if users want to enter/leave protected zones, etc??? Thanks!
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

That depends entirely on the browser they choose. Basically, it is out of your control.
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Post by seodevhead »

Ohhhhh I see. One more question if you don't mind....

If I create my own personal SSL certificate (as opposed to purchasing one from a reputable dealer)... will that always create that stupid popup... or will it also create that popup that says.. "this certificate isn't trusted".

Any recommendations from you guys as to what you do with your SSL certs? Buy... free... ??? Thanks! :)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

You need to get a real cert from a real provider.
alxkn
Forum Newbie
Posts: 14
Joined: Sat May 20, 2006 5:14 pm

how to use ssl

Post by alxkn »

Hello, I am developing a website with a shopping cart and login for members and admin. SSL is already installed on the server.
Could you please let me know how I can use SSL in the checkout and admin pages? I mean, what kind of code should I put in those PHP files?

Thanks in advance.
Nathaniel
Forum Contributor
Posts: 396
Joined: Wed Aug 31, 2005 5:58 pm
Location: Arkansas, USA

Post by Nathaniel »

No code necessary. Just point your users to https://yoursite.com/checkout.php instead of the regular link.

If you want to make sure they weren't stupid and removed the s from https://, you could do a check in PHP:

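Code:

if ( empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off' ) {
    // redirect to SSL link (IIS sets HTTPS to "off" on plain HTTP)
    header('Location: https://yoursite.com/checkout.php');
    exit;
}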
Hope that helps you out. :)

- Nathaniel
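
A fuller version of the HTTPS check from the post above, as an added example that is not part of the original thread. CANONICAL_HOST and the function names are assumptions made for illustration; the host value reuses the yoursite.com placeholder from the post.

```php
<?php
// Added example: force HTTPS on a login or checkout page before any output.
// CANONICAL_HOST is an assumed placeholder; set it to your own site's name.
const CANONICAL_HOST = 'yoursite.com';

// True when the request arrived over TLS. $_SERVER['HTTPS'] is unset or
// empty on plain HTTP under Apache and the string "off" under IIS, so both
// cases must count as insecure.
function request_is_https(array $server): bool
{
    $https = $server['HTTPS'] ?? '';
    return $https !== '' && strtolower($https) !== 'off';
}

// Build the https:// URL for the same path and query string. The host is a
// fixed constant rather than $_SERVER['HTTP_HOST'], because the Host header
// is client-controlled and must not decide where users are redirected.
function https_url(array $server): string
{
    $uri = str_replace(["\r", "\n"], '', $server['REQUEST_URI'] ?? '/');
    // Accept only a local path: it must start with exactly one "/".
    if ($uri === '' || $uri[0] !== '/' || substr($uri, 0, 2) === '//') {
        $uri = '/';
    }
    return 'https://' . CANONICAL_HOST . $uri;
}

function require_https(): void
{
    if (!request_is_https($_SERVER)) {
        header('Location: ' . https_url($_SERVER), true, 301);
        exit; // stop here so no protected content is sent over HTTP
    }
    // Send the session cookie only over TLS and hide it from scripts.
    ini_set('session.cookie_secure', '1');
    ini_set('session.cookie_httponly', '1');
}

// Call at the very top of the page, before session_start() and any output.
require_https();
session_start();
```

A redirect cannot protect data that was already submitted over plain HTTP, so the login form's action attribute must itself point at the https:// URL.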
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

If you've got a shared server, the browser will warn users that the SSL cert doesn't belong to that particular domain (I have that problem with my website). Make sure you tell users that it's okay.

You also may be interested in SSL emulation techniques such as Challenge/Response or JS Password Asymmetrical Encryption.
alxkn
Forum Newbie
Posts: 14
Joined: Sat May 20, 2006 5:14 pm

the same problem

Post by alxkn »

Thank you.

Actually, I have the same problem. In addition, it does not load the checkout page. Also, it states that the certificate is invalid. Could you please let me know what exactly must be done, especially to load the page?

Thanks in advance.