secure user registration with php/mysql

Anon

Hi,

I'd like to create a registration-area where user have to register by login and pwd.

so I've set up a form, use the post method to transfer data to my php and it writes the collected data in my mysql-database.

BUT what about a secure browser connection (SSL) or an encryption while submitting the form or so.

I have absolutly no ideas how to realise a secure section (SSL or something like this).
Does anyone of you have excperiences with that or can give me an url where I can find a tutorial about this topic?

tanks in advance
Karsten

karsten@gahn.de

Anon

Wow, you're going to be getting into some hairy topics with this.

You need to equip your web server with SSL software. If you're running Apache on your own server, you can look into installing something like mod_ssl (http://www.modssl.org) or another SSL Apache module. I'd do a keyword search on freshmeat.net (http://freshmeat.net) for "apache ssl" to start, or looking around the Apache web site (http://www.apache.org). This will require you to install and perhaps compile either an Apache module or maybe all of Apache itself.

If your site is running off an ISP, you'll have to ask them what the possibilities are for SSL.

Beyond even getting the SSL server software to work, you may also want to get your SSL certificates signed by a commonly trusted authority. This costs money. The major CA's are VeriSign and Thawte, who actually just merged together. Getting your certificates signed basically means that VeriSign and Thawte make sure you are who you say you are, and that no one else can be impersonating your SSL site.

It's a big undertaking in that you'll be learning a lot if you do it all yourself... I've successfully compiled mod_ssl into Apache with PHP on my own test servers.

Anon

can i install SSL software in Window98 platform???( i meant local development to test of it)
currently i have tried all my php code in local pc..

thank you!

Anon

Hello,

First, please excuse my bad English. This is not my native tongue.

I've experimented SSL with Apache under Linux, but before using it you should take some time to understand how it works. I've learned all I nedded about it on :
http://doc.ctrlaltdel.ch/serveur/mod_ssl/
This is for using SSL module in Apache.

But, once you have activated SSL module, you have to deliver certificates to clients, to permit them to visit your site.
Clients have to submit you a certificate request, you sign it and converting it in pkcs12 format, to integrate it in their Netscape.
In fact you can create your own CA (Certificate Authority), no need to call an external entity (it obviously depends on what you really want to do).

There's a Linux package that can help you to make certificate requests, sign certificates and converting them : it is openssl.
There's not a lot of documentation about it, but in the package there is several manpages with some examples. It is sufficient to make it work.

I'm not talking about PHP so I will stop here.

Good luck!

Anon

I would am seeking info on using PHP to encrypt a form with PGP and then mail this form. The form will include user information and credit card information. I saw a brief article about this at www.webmonkey.com. Has anyone out there ever done this. Any info is helpful