HTTPS and PHP

Anon

I'm just beginning a project that will need to transfer sensitive data via forms. My question is, how do I establish a HTTPS using PHP. Basically, I want to protect this one form and the pages behind it.

SSL has already been installed on the Linux server.

Thanks,
MO

Anon

Mo,

You do the same as with html files !
call your PHP script containing the form as you would any html file.

whatever the SSL URL is, example:
https://www.your_domain/your_formfile.php

submit the form via SSL
<FORM ACTION="https://www.your_domain/your__next_file.php" METHOD=POST>

Peter M

kparker

What Peter said, and in addition--if you want to require that a page be accessed only through HTTPS, say this early on:

if ( $SERVER_PORT != 443 ) // or whatever nonstandard port is being used
   die("go away hacker!");

Anon

Kirk,

The if port checking for SSL sounds good ! Can you elaborate a little about it increases security from outside attempts to access those files containing this if statement ?

Thanks,
Peter

kparker

Just because you have https enabled, it doesn't mean users are going to be using it. I.e. if you have a link on your site that says:

  https://my.domain.com/secretinfo.php

and the user discovers the name by following the link, they can subsequently type the following and get it via unencrypted access:

  http://my.domain.com/secretinfo.php

There's nothing inherent in the presence of https capability on your webserver that would require the use of it, and though it may be possible to set the requirement on a per-directory basis, I always prefer to include it right in the file so somebody else (e.g. the webserver admin) can't make a mistake and grant plain access to it. The only downside is if the port for secure access changes, you have to edit the files.