SSL Encryption
- Thread starter raceway99
- Start date
Typically the simplest set-up of SSL will allow you to host all your pages in one location on your server and just add an additional IP address that you'll usually be able to use just by trying to access the page via https:// rather than http://
For you this will mean that yes, you can do this - you just need to make sure you're specifying the full URL when accessing your pages with links within your site.
I.e. if you want your about page to be only accessed without SSL then make sure if you link to it from your https:// page you're linking to "http://www.mywebsite.com/about.html" rather than just "/about.html"
Conversely make sure all the links to your secure pages point to the https:// address.
Out of interest, what are you planning on using the SSL for? There might be an alternative...
Roy
For you this will mean that yes, you can do this - you just need to make sure you're specifying the full URL when accessing your pages with links within your site.
I.e. if you want your about page to be only accessed without SSL then make sure if you link to it from your https:// page you're linking to "http://www.mywebsite.com/about.html" rather than just "/about.html"
Conversely make sure all the links to your secure pages point to the https:// address.
Out of interest, what are you planning on using the SSL for? There might be an alternative...
Roy
Make sure all the content on the SSL pages is coming from a https:// url - SSL pages that have unencrypted content can fail to display the certificate.
You'll also need a check on each page as to if you want it SSL or not, and redirect accordingly.
You'll also need a check on each page as to if you want it SSL or not, and redirect accordingly.
cheers for the help and soz for the late reply...
@RoyMi6 its for passing data using post and php and a mysql database
BTW ive never used SSL before and only been using php/mysql for a couple of days and i just assumed ssl would be a good way to increase security
@RoyMi6 its for passing data using post and php and a mysql database
BTW ive never used SSL before and only been using php/mysql for a couple of days and i just assumed ssl would be a good way to increase security
It's defiantly not a bad thing, but not always something that's necessary.
I assume you'll be using it to protect personal information such as login and address details, payment information?
If not, you may be looking in the wrong direction if what you're doing is trying to increase security. Again, it wont have a negative effect but it's quite possible to have a perfectly secure website that uses a database back end without the use of SSL.
SSL won't outright solve all security concerns.
Sorry if this is coming across like a stern warning! I don't have a clue about your background and I'm just trying to be informative and highlight that there might be some other things you haven't considered
Best of luck,
Roy
I assume you'll be using it to protect personal information such as login and address details, payment information?
If not, you may be looking in the wrong direction if what you're doing is trying to increase security. Again, it wont have a negative effect but it's quite possible to have a perfectly secure website that uses a database back end without the use of SSL.
SSL won't outright solve all security concerns.
Sorry if this is coming across like a stern warning! I don't have a clue about your background and I'm just trying to be informative and highlight that there might be some other things you haven't considered
Best of luck,
Roy
yup its to protect username/password/email in a database
EDIT: in the future it might also need to hold other private data but there isnt any payment information
as i said before im a complete noob in this area so all help/warnings are appreciated
cheers,
raceway99
Last edited:
Yer, be aware that isnt what SSL will do for you as Roy said above.
Its sole purpose is to protect information only while it's on the wire, i.e from the user to your webserver and that's it. So you use it to stop random people on the internet intercepting the data during transit. Once it hits your webserver it's plaintext and goes into your database unprotected. It wont protect anything in a database for you.
As tntcoder says, the secure socket layer is for the transfer of data securely. That's why when I pass my credit card details etc across the net I don't want other people spying on that data. But it doesn't stop it being unencrypted when it arrives.
You need to look into encryption of the data prior to entering into into your DB. Also, how to clean and calm the data. You don't want people submitting malicious code, give SQL injection and salting a Google and it should set you on the path for securing your forms.
You need to look into encryption of the data prior to entering into into your DB. Also, how to clean and calm the data. You don't want people submitting malicious code, give SQL injection and salting a Google and it should set you on the path for securing your forms.
i think i understand now
ssl would encrypt the data when its being sent back to my server, which would then decrypt it so i can use it in a php script. Id then write some code to format the data and stop SQL injection before encrypting it again and inserting it into the database?
so is their a way to have the database automatically encrypt the data or would i need to write some php to do that?
cheers
ssl would encrypt the data when its being sent back to my server, which would then decrypt it so i can use it in a php script. Id then write some code to format the data and stop SQL injection before encrypting it again and inserting it into the database?
so is their a way to have the database automatically encrypt the data or would i need to write some php to do that?
cheers