Hello,
How would you use https ?, would sending information via GET and POST be any different while using https ?
Any information and examples on how https is used in php for something simple like a secure login would be useful,
Thank you!
+3
A:
It will be no different for your php scripts, the encryption and decryption is done transparently on another layer.
aularon
2010-09-06 21:05:33
+2
A:
Both GET and POST get encrypted, but GET will leave a trace in the web server log files.
Pierre 303
2010-09-06 21:06:25
So how would you start and stop https in a php script ?
Gebbo
2010-09-06 21:12:11
Why you would do that? When you have to use a secure communication between the server and the client, use https instead of http. When it's not necessary, use http. You can configure you website to answer traffic on both using the files of a single directory. You can also have different directories. So you don't stop https or start it. You use it, or not.
Pierre 303
2010-09-06 21:19:30
You couldn't stop HTTPS from within a PHP. By the time the PHP script actually runs, the HTTPS connection has already been set up and data transferred. Even if you could kill it from within PHP, you'd just kill the script along with the connection. You could redirect to a non-HTTPS link.
Marc B
2010-09-06 23:47:07
+2
A:
HTTPS is handled at the SSL/TLS Layer, not at the Application Layer (HTTP). Your server will handle it as aularon was saying.
Anil
2010-09-06 21:07:07
A:
Just ensure you're sending the correct headings when allowing files to be downloaded over ssl... IE can be a bit quirky. http://support.microsoft.com/kb/323308 for details of how to resolve
Mark Baker
2010-09-06 21:19:43
+1
A:
SSL and/or HTTPS is used to provide some level of confidentiality for data in transit between the web users and the web server. It can also be used to provide a level of confidence that the site the users are communicating with is in fact the one they intend to be.
In order to use SSL, you'll need to configure these capabilities on the server itself, which would include either purchasing (an authority-signed) or creating (a self-signed) certificate. If you create your own self-signed certificate, the level of confidence that the site is the intended one is significantly reduced for your users.
PHP
Once your webserver is able to serve SSL-protected pages, PHP will continue to operate as usual. Things to look out for are port numbers (normal HTTP is usually on port 80, while HTTPS traffic is usually on port 443), if your code relies on them.
GET & POST Data
Pierre 303 is correct, GET data may end up in the logs, and POST data will not, but this is no different than a non-SSL web server. SSL is meant to protect data in transit, it does nothing to protect you and your customers from web servers and their administrators that you may not trust.
Secure Login
There is also a performance hit (normally) when using SSL, so, some sites will configure their pages to only use https when the user is sending sensitive information, for example, their password or credit card details, etc. Other traffic would continue to use the normal, http server.
If this is the sort of thing you'd like to do, you'll want to ensure that your login form in HTML uses a ACTION that points to the https server's pages. Once the server accepts this form submission, it can send a redirect to send the user back to the page they requested using just http again.
mkoistinen
2010-09-06 22:17:20