SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Member
    Join Date
    Oct 2013
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How to Install SSL?

    Hi Guys,

    I've just finish develop/coding my PHP web and I was thinking to make it more secure by implementing SSL to it. It is because my web involved sensitive data such as Staff personal information and it can be access via public/internet.

    I thought SSL is managed by hosting provider once we purchased the yearly SSL from them.

    Do I have to alter my coding to suite the SSL? I have around 300 PHP pages.

    If there is an existing thread on this, do you mind give me the link on the installation manual.

    Thanks
    Azhan
    PHP Developer
    Malaysia

  2. #2
    SitePoint Member hostripples's Avatar
    Join Date
    Sep 2013
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by azhan View Post
    Hi Guys,

    I've just finish develop/coding my PHP web and I was thinking to make it more secure by implementing SSL to it. It is because my web involved sensitive data such as Staff personal information and it can be access via public/internet.

    I thought SSL is managed by hosting provider once we purchased the yearly SSL from them.

    Do I have to alter my coding to suite the SSL? I have around 300 PHP pages.

    If there is an existing thread on this, do you mind give me the link on the installation manual.

    Thanks
    Azhan
    PHP Developer
    Malaysia
    Hello azhan,

    SSL will not secure your DATA. SSL is used to secure online transaction from MAN-IN-Middle Attack . If you have a website from which online Transaction or any user Sensitive information is collected , then go with SSL.

    Yes SSL is install by the hosting company and its the installation is Free of cost. You just need to purchase the SSL. And you don't have to make any changes in your PHP code.

    Thanks,
    Hostripples

  3. #3
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,157
    Mentioned
    190 Post(s)
    Tagged
    2 Thread(s)
    Wouldn't you need to change any hard-coded "http" to "https" and maybe some htaccess lines?

  4. #4
    SitePoint Member hostripples's Avatar
    Join Date
    Sep 2013
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Mittineague View Post
    Wouldn't you need to change any hard-coded "http" to "https" and maybe some htaccess lines?
    We can use a htaccess file to change the website from http to https instead of making changes in the code.

  5. #5
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    Join Date
    Aug 2008
    Location
    The Netherlands
    Posts
    9,070
    Mentioned
    153 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by hostripples View Post
    We can use a htaccess file to change the website from http to https instead of making changes in the code.
    While this is true, if the code keeps on using http and htaccess is rewriting it to https all the time it's quite wasteful of CPU cycles.
    So it depends on whether you are using "http://" in your code. If you do I'd recommend replacing it with "https://" (which is a simple global search and replace)
    Rémon - Hosting Advisor

    SitePoint forums will switch to Discourse soon! Make sure you're ready for it!

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy

  6. #6
    SitePoint Member
    Join Date
    Oct 2013
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by hostripples View Post
    Hello azhan,

    SSL will not secure your DATA. SSL is used to secure online transaction from MAN-IN-Middle Attack . If you have a website from which online Transaction or any user Sensitive information is collected , then go with SSL.

    Yes SSL is install by the hosting company and its the installation is Free of cost. You just need to purchase the SSL. And you don't have to make any changes in your PHP code.

    Thanks,
    Hostripples
    Hi Hostripples,

    Thanks for your feedback. I understand most of online banking are more keen to use https due to they making transactions.

    But my web only contain "sensitive" personal data such as staff full name, identity registration card number, full address, bank account number, spouse info, salary info etc.

    Correct me if im wrong,

    SSL is secure while communicating between client & server whereby to prevent "eavesdropping" activity in the middle. Correct?

    If above is true, then my thought of SSL to prevent direct hacking is wrong.

    I just thought implementing SSL would be an added feature or so called to give me an excuse to customer whenever they asking "how" secure is your web?. Then I could reply that my web is secured by SSL......

    Soooo should I go with SSL or not? Can I just implement it to impress my client?? LOL.......or is there other way to prevent hacking? sorry guys....i have skill on coding PHP but my knowledge on web security is very low.

    My ex-colleague once told me that any web can be hacked and it just a matter of time, meaning does my web is important for any hacker out there willing to waste their time to hack my web.


    Thanks
    Azhan
    Malaysia

  7. #7
    SitePoint Member
    Join Date
    May 2014
    Location
    Houston, TX
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation

    Azhan,

    Quote Originally Posted by azhan View Post
    Hi Hostripples,

    SSL is secure while communicating between client & server whereby to prevent "eavesdropping" activity in the middle. Correct?

    If above is true, then my thought of SSL to prevent direct hacking is wrong.

    I just thought implementing SSL would be an added feature or so called to give me an excuse to customer whenever they asking "how" secure is your web?. Then I could reply that my web is secured by SSL......

    Soooo should I go with SSL or not? Can I just implement it to impress my client?? LOL.......or is there other way to prevent hacking? sorry guys....i have skill on coding PHP but my knowledge on web security is very low.

    My ex-colleague once told me that any web can be hacked and it just a matter of time, meaning does my web is important for any hacker out there willing to waste their time to hack my web.


    Thanks
    Azhan
    Malaysia
    SSL is important for your website I believe. The benefit you get out of SSL is that when someone types in their username and password someone cannot sniff it out using the man-in-the-middle attack described above. This does not prevent hackers from compromising your website using other means. If you would like to learn how to write secure code, find great tools on how to audit your code for vulnerabilities (great open source tools available) then I highly recommend checking out OWASP and becoming a member. They have great articles on writing secure code in any language. It is just a great all around resource when it comes to web security in general.

    However, any website that has an authentication system build in and stores confidential user data should be secured with an SSL certificate.

    Please feel free to ask for some specific help in getting your certificate issued as well as I have extensive experience in this arena.

  8. #8
    SitePoint Member hostripples's Avatar
    Join Date
    Sep 2013
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello Azhan ,

    Yes you can use SSL on your website through which you can provide a secured link for your clients .

    Regarding the hacking on the website , there are many vulnerabilities .

    Please read Open Web Application Security Project (OWASP) TOP 10 2014 Vulnerabilities list .

    Also there are other factors through which website is hacked . If you are using a Shared server and if one website is compromised on the server then hacker can bypass the whole server , So server security is also must in this case .

    Thanks,
    Hostripples


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •