473,372 Members | 1,113 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,372 software developers and data experts.

Help PHP application over SSL

Greetings,

I am building a database-driven PHP application.
Part of that app needs to run over SSL for gathering private data.

Now, when someone purchases a certificate, the domain name is
hard-coded on the certificate, right?

If so, how can I run part of the application in regular mode (http) and
the rest in secure mode (https)?

The domain name on the certificate will be something like -
www.myDomain.com

But some of the pages will be secure and some not.

Is it possible to have something like this?
Will the certificate work ok?

And should I refer to the secure pages using absolute referencing
(https://www.myDomain.com/someDirectory/securePage.php)

Thanks for any help.

Jul 17 '05 #1
2 1664
>I am building a database-driven PHP application.
Part of that app needs to run over SSL for gathering private data.

Now, when someone purchases a certificate, the domain name is
hard-coded on the certificate, right?
Correct. A typical secure site really has *TWO* virtual sites, one
secure, one not secure (with the same domain name, e.g.
https://my.domain.com and http://my.domain.com). The not secure
part has the product descriptions and such in it (typically). The
secure part has the order form, etc. on it. Depending on how much
personal data the site handles, you may want most of it secure.
Your typical secure site has AT MINIMUM an un-secure entry page
which redirects or links to the secure entry page. Nobody is going
to remember to type the "https:" part in. So that unsecure part
brags about the security and links to the secure page, or just
redirects. IF THE USER HAS TO LOG IN, MAKE THE LOG IN PAGE SECURE,
not just the response after they log in. That way, the login info
is encrypted.
If so, how can I run part of the application in regular mode (http) and
the rest in secure mode (https)?
Make sure you do NOT use insecure images on secure pages. Browsers
get upset about that. Otherwise, you treat it as two virtual sites
with different domains, cross-referencing each other. Limit links
to insecure pages from the secure pages, or label them with hints
like "exit secure site". Whether you use the secure or insecure
site depends on the http: vs. https: part.
The domain name on the certificate will be something like -
www.myDomain.com

But some of the pages will be secure and some not.
Fine. You can have a secure and insecure site with the same domain
name. They may or may not have the same document root. Treat them
the same way you would two different domains on separate virtual sites.
Is it possible to have something like this?
Will the certificate work ok?
Yes.
And should I refer to the secure pages using absolute referencing
(https://www.myDomain.com/someDirectory/securePage.php)


You can refer to secure pages from other secure pages of the same
domain with relative referencing. From an insecure page, it's like
you are referencing a whole different site (which it is), so you
need the absolute referencing.

Gordon L. Burditt
Jul 17 '05 #2
Harold Crump <or**********@yahoo.com> wrote:
[snip]
But some of the pages will be secure and some not.

Is it possible to have something like this?
Will the certificate work ok?
PHP doesn't know anything about the transport other than what the httpd
tells PHP about it. So it makes no difference at all.
And should I refer to the secure pages using absolute referencing
(https://www.myDomain.com/someDirectory/securePage.php)


With a little rewriteengine magic it's possible to create a relative URL
for the client which will be redirected to either http or https (it's an
example in apaches rewrite documenation).
Jul 17 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Nora | last post by:
Hi there! We have created a dtd. Now, when creating xml files based on this dtd we want to provide an own online help. (This online help explains: which tag can be used where, writing schemas,...
12
by: serge calderara | last post by:
Dear all, I have an application which is suppose to start another executable process. As soon as that process is running, I need to retrive its handle. The problem of the particular process I am...
12
by: D. Shane Fowlkes | last post by:
This is a repost (pasted below). Since my original post, I've double checked the system clock and set all IIS Session Timeout values to 10 minutes. Still ...the problem occurs. I've also...
1
by: Alain \Mbuna\ | last post by:
Hi to you all. As a beginning programmer, I finally succeeded in finishing my first application. I made the application with VB expr 2005 and provided the application with a help project, which...
8
by: pamelafluente | last post by:
I am beginning aspNet, I know well win apps. Need a simple and schematic code example to start work. This is what I need to accomplish: ---------------------- Given button and a TextBox on a...
16
by: pamelafluente | last post by:
I am still working with no success on that client/server problem. I need your help. I will submit simplified versions of my problem so we can see clearly what is going on. My model: A client...
15
by: Jay | last post by:
I have a multi threaded VB.NET application (4 threads) that I use to send text messages to many, many employees via system.timer at a 5 second interval. Basically, I look in a SQL table (queue) to...
4
by: Coleen | last post by:
Hi All :-) I'm not sure where to post this, but my organization is looking for a good software application that is not terribly expensive that allows you to create documentationand help files and...
1
by: abhijitbkulkarni | last post by:
Hello, I am designing a .NET database application that uses 3 tier architecture. Starting initially, this application will be desktop application but I will convert it into a website later but...
0
by: hitencontractor | last post by:
I am working on .NET Version 2003 making an SDI application that calls MS Excel 2003. I added a menu item called "MyApp Help" in the end of the menu bar to show Help-> About. The application...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.