February 10th, 2003, 02:22 PM
SSL correctly used.
Here's what I have:
An SSL certificate purchased for my domain.
My host supports SSL and has a shopping cart system.
Now, how exactly do I USE it. Here's all I want to do:
We are a small organization, and all we want is a secure method for users to email us CC#'s to purchase tickets to organized events. We don't need/want online processing. We have a merchant account and would prefer to enter the information manually.
So if we set up a simple form-mail script, run from an https page, will this secure the information they are sending? Or do we need some specific software to make use of the SSL connection?
Thanks for any help. If there is a good place to read about this, please let me know.
February 10th, 2003, 02:27 PM
The formmailer via a https connection would secure your site against eaves-dropping (is this the right expression?) - man-in-the-middle attacks. But not against any flaws in the formmailer script (most do have quite a lot....).
SSL is no 100% security as such (nothing is ). it only prevents people from listening to the traffic transferred between the client and the server.
For your question how to use it: make the script accessible only via https://. Then you have an encrypted connection between the client and the server. No special software needed (besides the SSL enabled web server and browser of course...)
hope this helps...
February 10th, 2003, 02:34 PM
Are there any formmail scripts that you recommend? I have written one or two based on books and freebies I have downloaded. Are there any specific caveats I should avoid? Are any of the freebies any good?
Thank you very much
February 10th, 2003, 02:40 PM
my personal oppinion: (teach a man how to fish.... ):
make your own and follow all advice that you get from the thread in the php forum called something like "php security"
i donīt know of a free pre-made and secure formmailer. maybe you can also get some help here: http://www.phpscriptsearch.com/