[newbie] regarding SSL.
Posted: Wed Nov 14, 2007 2:05 pm
hi.. guys.
there are many doubts here in this post. i have gave numbers and highligted them. kindly clarify all
I am a newbie. started web developing using php.
now i need to make a website where bidding transactions and online money transfer has to be implemented.
i heard and saw in few websites. about SSL.
but i am very confused with it.
i did a bit of googling and all i know about it is:
1. ssl is a kind of encryption algorithm/standard proposed by some one. the current version of this algoritm is ssl 3.0
2. TLS is also a kind of SSL but newer than it and its version is TLS 1.0
3. these algorithms are browser inbuilt(so that user cant change unlike javascript function) and serverside(we have to setup something) and all the data transactions will be in encrypted form.
Q1: so on server side. should i install a server(like database) or some other software for SSH. or its taken care of by the PHP language (Secure Shell2 Functions -- library from php manual)???
Q2: SSL runs above TCP/IP and below HTTP, LDAP, IMAP, NNTP, and other high-level network protocols. what does this mean?
Q3: if everything can be done in php. then in my everypage should is use the functions of this Secure Shell2 Functions library? can't i do some thing to my server so that all the traffic through it is encrypted?
Q4: on the client side how to invoke this SSL/TLS??
Q5: what are certificates? i opened my firefox and looked into its security->advanced options. there i found lot of stuff. that i didnt understand.
Q6: say i have a form in a page. will the entire form will undergo this ssl when submitted using GET/POST methods? i mean, i want fields like.. bank acc no,current balance,etc.. to be encrypted and rest non encrypted. how can i do that? is it that what we call partially encrypted page?
please if you find any links that helps me in clearing all my doubts. kindly post it here.
there are many doubts here in this post. i have gave numbers and highligted them. kindly clarify all
I am a newbie. started web developing using php.
now i need to make a website where bidding transactions and online money transfer has to be implemented.
i heard and saw in few websites. about SSL.
but i am very confused with it.
i did a bit of googling and all i know about it is:
1. ssl is a kind of encryption algorithm/standard proposed by some one. the current version of this algoritm is ssl 3.0
2. TLS is also a kind of SSL but newer than it and its version is TLS 1.0
3. these algorithms are browser inbuilt(so that user cant change unlike javascript function) and serverside(we have to setup something) and all the data transactions will be in encrypted form.
Q1: so on server side. should i install a server(like database) or some other software for SSH. or its taken care of by the PHP language (Secure Shell2 Functions -- library from php manual)???
Q2: SSL runs above TCP/IP and below HTTP, LDAP, IMAP, NNTP, and other high-level network protocols. what does this mean?
Q3: if everything can be done in php. then in my everypage should is use the functions of this Secure Shell2 Functions library? can't i do some thing to my server so that all the traffic through it is encrypted?
Q4: on the client side how to invoke this SSL/TLS??
Q5: what are certificates? i opened my firefox and looked into its security->advanced options. there i found lot of stuff. that i didnt understand.
Q6: say i have a form in a page. will the entire form will undergo this ssl when submitted using GET/POST methods? i mean, i want fields like.. bank acc no,current balance,etc.. to be encrypted and rest non encrypted. how can i do that? is it that what we call partially encrypted page?
please if you find any links that helps me in clearing all my doubts. kindly post it here.