SSL question

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
funguru
Forum Newbie
Posts: 6
Joined: Sun May 13, 2007 3:18 am

SSL question

Post by funguru »

Hi.. i am designing a database driven website for a client with login info etc.. half way down the project the client wants the website on secure server.. therefore i am getting the server a SSL docomo certificate..

my question is, what changes would i need to do (if any) for my login and other pages to work while there are in SSL server?

i got to know that mostly no changes are required to the code.. but then would i have to enter all absolute url's while linking or can this work with relative url's too?

Thanks
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

If you're using relative urls this will have zero impact.. Otherwise you'll need to change http with https...
funguru
Forum Newbie
Posts: 6
Joined: Sun May 13, 2007 3:18 am

Post by funguru »

does that mean that i will have to change all the relative url's to absolute and add https:// for ssl to work? no other way out?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

funguru wrote:does that mean that i will have to change all the relative url's to absolute and add https:// for ssl to work? no other way out?
Why would you want to convert a relative url to an absolute one?
funguru
Forum Newbie
Posts: 6
Joined: Sun May 13, 2007 3:18 am

Post by funguru »

all relative url's will naturally be http:// so how else can i make them https:// ?
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

all relative url's will naturally be http://
They will?!

If however you are talking about redirects:

Code: Select all

header('Location: ....
then you should write them as absolute anyway.
funguru
Forum Newbie
Posts: 6
Joined: Sun May 13, 2007 3:18 am

Post by funguru »

what i meant was that all urls will be http://www.mycompany.com/login.php..

how can i get them all to be https://www.mycompany.com/login.php ? is there a script which i would need to add to make them all https instead of http?
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

what i meant was that all urls will be http://www.mycompany.com/login.php..
Are you certain? Have you tried it?
funguru
Forum Newbie
Posts: 6
Joined: Sun May 13, 2007 3:18 am

Post by funguru »

no i have not tried it.. but it seems that way.
User avatar
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Post by Stryks »

It's really worth trying things out, if for no other reason than just to see if it *would* work. It should only take a few seconds and will really help with understanding things much better than even the best and clearest of explanations.

Actually, I wonder why the call them relative urls. Relative to what I wonder.

Because unless you have a base href set somewhere ....
funguru
Forum Newbie
Posts: 6
Joined: Sun May 13, 2007 3:18 am

Post by funguru »

I did try it out and i think it will work without a problem... i was thinking that evertime a file is requested the browser would automatically go to http:// but it seems like once it running under https:// it will follow the same theme unless a special link with http:// is created to exit the secure area.

thanks for the help
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Stryks wrote:Actually, I wonder why the call them relative urls. Relative to what I wonder.
To the current directory
User avatar
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Post by Stryks »

To the current directory
Yeah ... I was a bit vague I know ... just my attempt at hinting that once the page is shown in https: the relative links will be relative to https: (unless a base href is set otherwise I believe).

Sorry about the confusion. :)
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I know this is a few days old, but on SSL, if you are using cookies, you may want to make sure you set the cookie_secure flag in the setcookie() function. Also, if your entire site will be behind SSL, you may want to edit your server config to forward all port 80 traffic to port 443 (or whatever your secure port is).
Post Reply