The questions about SSL

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Alexancho
Forum Newbie
Posts: 6
Joined: Sat Jan 08, 2011 11:56 am

The questions about SSL

Post by Alexancho »

I have never worked with SSL certificates before, so i wanted to ask some questions about SSL.
There is a website, let's call it A that gives a particular paid service to a group of websites (group B). When a registered user from any of websites B wants to use A he have to send to A some information includes user name and password. To owner of a B group convenient to use the same usernames and passwords for all these services. The one who can take possession of these data will be able to use sites A and B as well which is unacceptable. The question is: is the SSL could be a good solution for this situation? And do we can use the same usernames and passwords for A and B or it is better to use different usernames and passwords anyway? And is it correct that the owner of these websites needs to buy a SSL certificate for website A only.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: The questions about SSL

Post by Mordred »

Do B sites talk to A (server-to-server) or the clients of the B are sometimes redirected to talk to A (client-to-server)?
In either scheme, if A and B are different entities, keep in mind that if you use the same passwords, the owners of A will know the login credentials of all B's users. SSL will not protect against this, it only protects one side of a HTTP conversation against someone impersonating the other side. (So either the clients or the B servers will know that this is the real A server, and not an impostor)
Alexancho
Forum Newbie
Posts: 6
Joined: Sat Jan 08, 2011 11:56 am

Re: The questions about SSL

Post by Alexancho »

Thank you, i understand the matter. B sends information and receives replies from A.
Now, for example i have a website http://www.IhaveSSL.com with SSL certificate and i want to sent data to this site.
Without SSL can just create a form <form action="http://www.IhaveSSL.com/read_message.php" method="post"> etc.
But if now it works with SSL how it affects a code? There must first be a secure connection established.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: The questions about SSL

Post by Mordred »

It's transparent, you just do
<form action="https://www.IhaveSSL.com/read_message.php" method="post">
Alexancho
Forum Newbie
Posts: 6
Joined: Sat Jan 08, 2011 11:56 am

Re: The questions about SSL

Post by Alexancho »

Thank you very much!
Post Reply