/    Sign up×
Community /Pin to ProfileBookmark

Secure server option implementation?

Copy linkTweet thisAlerts:
May 02.2004

Can anyone tell me how hard is it to implement a secure area on a site? ie: If you choose a hosting package (from any host) that has a “Secure website hosting (SSL)”option, how do you use it? is there a folder or area that is secure and you just have to put HTML files in there? Basically is it very difficult to get the padlock to appear in the browser? All I want to do is have a form submitted with the padlock present.

thanks

to post a comment
Full-stack Developer

3 Comments(s)

Copy linkTweet thisAlerts:
@PeOfEoMay 02.2004 — No. You do not have to do anything really. https://[email protected] instead of http://[email protected]

it will get encrypted if you use the http protocal automatically. But do not use ssl just for makeing your normal pages 'secure', use it to make your login pages secure, or your checkout pages of an online store. Only use it when you are moving sencative data, and make sure that the pages that do this are on https, you can check this via your server side language and change it to https if it is http. But https is going to lag when it is doing the enitial handshake with the client, should not be noticable, but it could, depends on what kind of stress host is under, but it does take a bit more time. This is why you should only use it for stuff that could be a target of a hacker. using https/ssl does not make your site instantly secure either, your scripts need to be very air tight, make sure users cant enter harmful value in forms so they can create a page error etc, make sure you replace < with &lt; and > with &gt; to disable html too. Also, do not put html files behind a https header unless they have forms with a server side page/script as the action and are getting data.
Copy linkTweet thisAlerts:
@ray326May 02.2004 — SSL is done at the server level so if you want some SSL and some straight then you have to have two server instances. Also, unless you want your users distracted by uneeded warnings you need to make sure all content of an SSL page is served by the SSL server.
Copy linkTweet thisAlerts:
@PeOfEoMay 02.2004 — [i]Originally posted by ray326 [/i]

[B]SSL is done at the server level so if you want some SSL and some straight then you have to have two server instances. Also, unless you want your users distracted by uneeded warnings you need to make sure all content of an SSL page is served by the SSL server. [/B][/QUOTE] his http server also servers ssl/https. So just putting it on the other protocal will call the other instance just fine, as it will run on the other port. Atleast that is what I am assumeing
×

Success!

Help @Yanhead spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.18,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...