Home > Archive > PHP Language > November 2005 > howto sent secure information
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
howto sent secure information
|
|
| Bruintje Beer 2005-11-21, 6:56 pm |
| Hello,
I have a question. Sometimes when you submit informationfrom a form, for
example your credit card number, is send "secure" to the server or to some
payment site. How is this done. What software do you need to do sent secure
information it in php. Do you need a certificat or something like this.
John
| |
|
|
|
| Bruintje Beer wrote:
> Hello,
>
> I have a question. Sometimes when you submit informationfrom a form, for
> example your credit card number, is send "secure" to the server or to some
> payment site. How is this done. What software do you need to do sent secure
> information it in php. Do you need a certificat or something like this.
>
> John
>
>
You need a web server that supports SSL. apache will if you install
OpenSSL. You need a fixed IP address for each site you host - you can't
share an IP address like you can with normal web sites. Yes you do need
certificates, which unfortunately you will need to pay for in order to
give people confidence. In practice you can sign your own, but it will
conern people.
Here is a site I set up
https://www.3gshare.info/
which has a self-signed certificate. Note the warning it will give.
The vast majority of that site is secured by SSL. It is for private use,
so whilst one the web it is not for general use - hence most is password
protected.
link to "Chill Out" is not on a secure server, but is again password
protected.
--
Dave K
http://www.southminster-branch-line.org.uk/
Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually. The month is
always written in 3 letters (e.g. Jan, not January etc)
| |
| Hilarion 2005-11-22, 6:56 pm |
| > I have a question. Sometimes when you submit informationfrom a form, for
> example your credit card number, is send "secure" to the server or to some
> payment site. How is this done. What software do you need to do sent secure
> information it in php. Do you need a certificat or something like this.
If you want to send the data from your <form> to some third party server
(like some payment site), then the only thing is to provide proper "action"
attribute value of the <form> tag. It's the user browser and the third party
server which will do the "secure" thing (the data do not come from your
server and do not get to your server).
If the data from the form has to be submitted securely to your script
(from this <form> or from some external server), or sent by your script
(not by the form, which means by the browser, but by PHP script itself)
to some external server, then it's a bit different. In the first case
you'd have to do what Dave wrote (have a webserver which supports SSL
and a trusted certificate) and in this case all is done by your webserver
(you do not have to do anything in your PHP scripts to make them able
to receive secure data). In the second case you need to enable your
PHP to do secure HTTP requests (and to get the secure responses), which
in most cases means installing support for CURL in PHP and getting the
public part of the external webserver certificate.
Hilarion
|
|
|
|
|