Hi, I need to have a data transmitted in a secure server enviorment. I looked at SSL, but most of the articles I read just told me about how it worked, but know how to implicated it.
Maybe there are other options.
Users are entering sensitive information into forms, and I need the data to be safe when its being transmitted to the script, in which it will then be saved on the server. Im pretty new with the whole security thing. I use sessions a lot, but they dont realy imply in particular case. I need something that encrypts (i guess) the data between pages.
any one with exp.?
Well, you can start by using an SSL mod to apache (mod_ssl) to allow you to use https:// on your website. As far as transmitting encrypted POST data across pages, I suggest just using SSL because that ends up doing the job right there because of security encryption itself. There are a TON of encryption libraries out there you can use to crypt and decrypt your data across pages, but thats if your extremely paranoid.
I myself am trying to figure out how I can secure sessions without letting someone "hijack" the session.
Anyway, hope that helps you out and I suggest www.phpbuilder.com for some good PHP/SSL tutorials, they worked for me.
so your saying (if its installed) just put https:// in front of the page??
When I do that it loads just a blank page
Any one else have exp with ssl? Im having troubles getting it to work... from what I under stand, from the last post, all I have to do is put https:// in thei link?
When I do that, it pops up Im going into a secure something or other, but hten loads a blank page
Your also hve to configure your apache config file correctly. There is a seperate section in virtual host for SSL.
Not that I know how to get SSL to work either, and I gather that it requires a Certificate - but assuming we have a secure transaction:
(1) Result is stored in a database - maybe encripted / maybe not
(2) Result is resident in memory on the server
Then how can we retreive the information securely. How can the client receive information about a secure transaction? If a report to html is run on a secure server is the output secure from the server to the client? If an extract file is produced and then downloaded to the client - aren't we exposed at this point?
not to sure.. what im doing in this script is just writing the form entries to a text file in the root directory of the server.. nuthing is put back out to the client except a conformation