7.7 SSL

Previous page
Table of content
Next page

The Secure Sockets Layer (SSL) provides a secure channel over which regular HTTP requests and responses can flow. PHP doesn't specifically concern itself with SSL, so you cannot control the encryption in any way from PHP. An https:// URL indicates a secure connection for that document, unlike an http:// URL.

The HTTPS entry in the $_SERVER array is set to 'on' if the PHP page was generated in response to a request over an SSL connection. To prevent a page from being generated over a nonencrypted connection, simply use: 

if ($_SERVER{'HTTPS'] !== 'on') {   die("Must be a secure connection."); }

A common mistake is to send a form over a secure connection (e.g., https://www.example.com/form.html), but have the action of the form submit to an http:// URL. Any form parameters entered by the user are sent over an insecure connection a trivial packet sniffer can reveal them.


Previous page
Table of content
Next page
Programming PHP
Programming PHP
ISBN: 1565926102
EAN: 2147483647
Year: 2007
Pages: 168
Authors: Rasmus Lerdorf, Kevin Tatroe
BUY ON AMAZON
Absolute Beginner[ap]s Guide to Project Management
The CISSP and CAP Prep Guide: Platinum Edition
A Practitioners Guide to Software Test Design
Managing Enterprise Systems with the Windows Script Host
MySQL Clustering
GDI+ Programming with C#
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy