#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2003
    Posts
    2
    Rep Power
    0

    Question SSL correctly used.


    Here's what I have:

    An SSL certificate purchased for my domain.
    My host supports SSL and has a shopping cart system.

    Now, how exactly do I USE it. Here's all I want to do:

    We are a small organization, and all we want is a secure method for users to email us CC#'s to purchase tickets to organized events. We don't need/want online processing. We have a merchant account and would prefer to enter the information manually.

    So if we set up a simple form-mail script, run from an https page, will this secure the information they are sending? Or do we need some specific software to make use of the SSL connection?

    Thanks for any help. If there is a good place to read about this, please let me know.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    190
    The formmailer via a https connection would secure your site against eaves-dropping (is this the right expression?) - man-in-the-middle attacks. But not against any flaws in the formmailer script (most do have quite a lot....).
    SSL is no 100% security as such (nothing is ). it only prevents people from listening to the traffic transferred between the client and the server.

    For your question how to use it: make the script accessible only via https://. Then you have an encrypted connection between the client and the server. No special software needed (besides the SSL enabled web server and browser of course...)

    hope this helps...
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2003
    Posts
    2
    Rep Power
    0

    Nice


    Perfect.

    Are there any formmail scripts that you recommend? I have written one or two based on books and freebies I have downloaded. Are there any specific caveats I should avoid? Are any of the freebies any good?

    Thank you very much
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    190
    my personal oppinion: (teach a man how to fish.... ):
    make your own and follow all advice that you get from the thread in the php forum called something like "php security"

    i donīt know of a free pre-made and secure formmailer. maybe you can also get some help here: http://www.phpscriptsearch.com/

IMN logo majestic logo threadwatch logo seochat tools logo