- This topic is empty.
-
AuthorPosts
-
November 23, 2009 at 5:21 pm #26898itschadwhitakerMember
Hello.
I’m building a PHP application in which you submit a job application and it is then encrypted (sha1) and saved to a MySQL database.
Now I obviously want it to be on a secure server because of the sensitive information they are submitting. Now from my knowledge you need to have an unique IP address (provided from host) and a SSL Certificate.
Now for my two questions:
1. There will be a folder on the site for the secure side on the server (https://)… so is it true any form submitted from this location will be automatically encrypted? Or do I need to change any form settings? Also is there a program to "capture" information that is being processed over the internet to check that the information is indeed being encrypted as it’s being submitted?
2. Who would you recommend I obtain my SSL Certificate from? I’m looking for a reliable source but not too expensive.
Thank you.
November 23, 2009 at 6:00 pm #66972AshtonSandersParticipant"itschadwhitaker" wrote:1. There will be a folder on the site for the secure side on the server (https://)… so is it true any form submitted from this location will be automatically encrypted? Or do I need to change any form settings? Also is there a program to "capture" information that is being processed over the internet to check that the information is indeed being encrypted as it’s being submitted?Installing a cert on your server doesn’t automatically make it secure. You’ll need to make a php statement or something that redirects to the secure version of the page, if they accidentally land on the http page.
Make sure that all your links to that page and for the form submission either 1) are relative links or 2) are absolute links with https.
"itschadwhitaker" wrote:2. Who would you recommend I obtain my SSL Certificate from? I’m looking for a reliable source but not too expensive.It’s probably easiest to get the SSL from your host. I’ve gotten certs from Godaddy in the past without any real problems.
November 23, 2009 at 6:05 pm #66974itschadwhitakerMember"AshtonSanders" wrote:Installing a cert on your server doesn’t automatically make it secure. You’ll need to make a php statement or something that redirects to the secure version of the page, if they accidentally land on the http page.Make sure that all your links to that page and for the form submission either 1) are relative links or 2) are absolute links with https.
So just to clarify if the form is on https://www.mywebsite.com/jobs/apply.php and they submitted the form to https://www.mywebsite.com/jobs/submit.php everything will be encrypted as it is being submitted over the internet? I don’t need to change anything in the <form> tags, correct?
Thanks.
November 23, 2009 at 6:32 pm #66977AshtonSandersParticipantCorrect. That will be secure.
November 23, 2009 at 6:40 pm #66981itschadwhitakerMemberThanks AshtonSanders.
Just out of curiosity is there a program to "intercept" submitted form data to test and make sure the data is indeed encrypted?
November 23, 2009 at 7:37 pm #66984AshtonSandersParticipantHmmm. I have no idea.
Anyone know of a way to test a Secure Connection?
November 23, 2009 at 9:52 pm #66987MattMemberIf it didn’t work, you’d get an error message. If the server did not provide you with a public key, or the CA denies the identity, your browser will alert you. You’d also get errors from the server if the public key-encrypted content was undecipherable to the server. When in HTTPS/SSL, the client will always encrypt the contents of the return message with the public key. If the server can’t decipher it, then it doesn’t have the correct private key. Also, Firefox, for instance, will only show the green bar if the server offers encryption of 128 or 256 bits. If the bar doesn’t show, encryption isn’t working. If the bar does show, your SSL certificate is working fine.
November 28, 2009 at 10:03 pm #67184Chris CoyierKeymasterFor the record, the few I’ve bought and installed I used http://sslmatic.com/
I was using a (dv) from Media Temple, so I was using Plesk to deal with the server. I just followed the Media Temple instructions for doing it. It’s quite the process, but if you just walk through it all step by step it’s not too bad.
-
AuthorPosts
- The forum ‘Other’ is closed to new topics and replies.