> Date: Tue, 26 Feb 2008 17:39:13 -0500
> From: [EMAIL PROTECTED]
> To: php-general@lists.php.net
> Subject: Re: [PHP] checking for and enforcing https
>
> On Tue, Feb 26, 2008 at 04:46:38PM -0500, Daniel Brown wrote:
>>
>>
At 5:39 PM -0500 2/26/08, Rick Pasotto wrote:
I've had nothing to add although I've been somewhat annoyed by the
excessive quoting.
--
"The most important thing in life is not simply to capitalize on your
gains. Any fool can do that. The important thing is to profit from your
losses. That requ
On Tue, Feb 26, 2008 at 5:39 PM, Rick Pasotto <[EMAIL PROTECTED]> wrote:
> I've had nothing to add although I've been somewhat annoyed by the
> excessive quoting.
That's probably the fault of people like myself who use Gmail.
It hides the quoted text automatically, so we don't even see th
On Tue, Feb 26, 2008 at 04:46:38PM -0500, Daniel Brown wrote:
>
> Of course, getting into that is a completely different discussion
> from the post made by the OP who, as it appears, gave up and took
> off when Tedd *hijacked* his thread. ;-P
No, I've been reading all the posts and have
On Tue, Feb 26, 2008 at 4:06 PM, Shawn McKenzie <[EMAIL PROTECTED]> wrote:
> When most people talk about a http and https directory, they are most
> likely talking about the common convention in shared hosting especially
> on Apache where your account will have a httpdocs/ and a httpsdocs/
> di
On Tue, Feb 26, 2008 at 4:06 PM, Shawn McKenzie <[EMAIL PROTECTED]> wrote:
>
> Andrew Ballard wrote:
> > On Tue, Feb 26, 2008 at 11:54 AM, tedd <[EMAIL PROTECTED]> wrote:
> >> At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
> >> >On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
> >>
Andrew Ballard wrote:
> On Tue, Feb 26, 2008 at 11:54 AM, tedd <[EMAIL PROTECTED]> wrote:
>> At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
>> >On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
>>
>>> > Am I misunderstanding you somewhere?
>> >
>> >I don't think you are. I think Ted h
At 1:27 PM -0500 2/26/08, Daniel Brown wrote:
It's fun to learn, 'cause knowledge is power! ;-P
---*
The More You Know!
Yes, as the ads say "A mind is a terrible thing..."
Cheers,
tedd
--
---
http://sperling.com http://ancientstones.com http://earths
On Tue, Feb 26, 2008 at 1:11 PM, tedd <[EMAIL PROTECTED]> wrote:
> At 12:10 PM -0500 2/26/08, Daniel Brown wrote:
> >On Tue, Feb 26, 2008 at 11:54 AM, tedd <[EMAIL PROTECTED]> wrote:
> >> At present, I use the actual directories (http/https) to determine if
> >> the operation of the script i
At 12:10 PM -0500 2/26/08, Daniel Brown wrote:
On Tue, Feb 26, 2008 at 11:54 AM, tedd <[EMAIL PROTECTED]> wrote:
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
You also hijack other people's threads. No-no, Tedd! *s
is entered using the wrong protocol, I'll issue a
redirect to correct things.
HTH,
Warren Vail
> -Original Message-
> From: Daniel Brown [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 26, 2008 9:11 AM
> To: tedd
> Cc: PHP General list
> Subject: Re: [PHP] checkin
On Tue, Feb 26, 2008 at 11:54 AM, tedd <[EMAIL PROTECTED]> wrote:
> At present, I use the actual directories (http/https) to determine if
> the operation of the script is secure or not.
You also hijack other people's threads. No-no, Tedd! *slaps hand*
> For scripts that don't collect sen
On Tue, Feb 26, 2008 at 11:54 AM, tedd <[EMAIL PROTECTED]> wrote:
> At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
> >On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
>
> > > Am I misunderstanding you somewhere?
> >
> >I don't think you are. I think Ted has been doing it the hard way
At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
> Am I misunderstanding you somewhere?
I don't think you are. I think Ted has been doing it the hard way... but
the lightbulb may have just gone on :)
Cheers,
Rob.
It's flickering -- so
On Tue, Feb 26, 2008 at 11:12 AM, Jim Lucas <[EMAIL PROTECTED]> wrote:
> And it doesn't say "off". It either exists or doesn't.
>
> if ( isset($_SERVER['HTTPS']) ) {
> // Is using SSL
> } else {
> // Is NOT using SSL
> }
Almost correct.
From http://php.net/reserved.va
On Tue, Feb 26, 2008 at 11:04 AM, Robert Cummings <[EMAIL PROTECTED]>
wrote:
> Surely you mean $_SERVER['HTTPS'] and not $_ENV['HTTPS'].
>
>
>
woops! yep, I meant $_SERVER, thanks :)
--
-Dan Joseph
"Build a man a fire, and he will be warm for the rest of the day.
Light a man on fire, and will
Robert Cummings wrote:
On Tue, 2008-02-26 at 11:00 -0500, Dan Joseph wrote:
On Tue, Feb 26, 2008 at 10:56 AM, tedd <[EMAIL PROTECTED]> wrote:
So, let's say I wanted script "secure.php" to be forced to use https
-- do I use something like what Dan provided, namely?
https://".$url.$_SERVER['PHP
On Tue, 2008-02-26 at 11:00 -0500, Dan Joseph wrote:
> On Tue, Feb 26, 2008 at 10:56 AM, tedd <[EMAIL PROTECTED]> wrote:
>
> >
> > So, let's say I wanted script "secure.php" to be forced to use https
> > -- do I use something like what Dan provided, namely?
> >
> > > if($_SERVER['SERVER_PORT
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
> On Tue, Feb 26, 2008 at 10:16 AM, tedd <[EMAIL PROTECTED]> wrote:
> > At 3:47 PM +0100 2/26/08, Per Jessen wrote:
> >
> > >tedd wrote:
> > >
> > >> Sometimes I feel like a child here.
> > >>
> > >> Under what circumstances would one
On Tue, 2008-02-26 at 10:56 -0500, tedd wrote:
> At 10:24 AM -0500 2/26/08, Robert Cummings wrote:
> >On Tue, 2008-02-26 at 10:16 -0500, tedd wrote:
> > > Then a user wants to purchase something and I direct them to a unique
> >> script in the https directory and that script takes their sensitiv
On Tue, Feb 26, 2008 at 10:56 AM, tedd <[EMAIL PROTECTED]> wrote:
>
> So, let's say I wanted script "secure.php" to be forced to use https
> -- do I use something like what Dan provided, namely?
>
> if($_SERVER['SERVER_PORT'] != '443') {
> $url = isset($_SERVER['HTTP_HOST']) ? $_SERVE
On Tue, Feb 26, 2008 at 10:16 AM, tedd <[EMAIL PROTECTED]> wrote:
> At 3:47 PM +0100 2/26/08, Per Jessen wrote:
>
> >tedd wrote:
> >
> >> Sometimes I feel like a child here.
> >>
> >> Under what circumstances would one require that?
> >>
> >> If your script is in a https directory, isn't t
At 10:24 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:16 -0500, tedd wrote:
> Then a user wants to purchase something and I direct them to a unique
script in the https directory and that script takes their sensitive
data and finalizes the sale. What's wrong with that?
N
On Tue, 2008-02-26 at 10:16 -0500, tedd wrote:
> At 3:47 PM +0100 2/26/08, Per Jessen wrote:
> >tedd wrote:
> >
> >> Sometimes I feel like a child here.
> >>
> >> Under what circumstances would one require that?
> >>
> >> If your script is in a https directory, isn't that secure? OR, is
> >> t
tedd <[EMAIL PROTECTED]> wrote:
> At 3:47 PM +0100 2/26/08, Per Jessen wrote:
> >tedd wrote:
> >
> >> Sometimes I feel like a child here.
> >>
> >> Under what circumstances would one require that?
> >>
> >> If your script is in a https directory, isn't that secure? OR, is
> >> this somet
At 3:47 PM +0100 2/26/08, Per Jessen wrote:
tedd wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Please explain.
You might want to do such checks if your
On Tue, 2008-02-26 at 09:45 -0500, Dan Joseph wrote:
> On Tue, Feb 26, 2008 at 9:39 AM, tedd <[EMAIL PROTECTED]> wrote:
>
> > Sometimes I feel like a child here.
> >
> > Under what circumstances would one require that?
> >
> > If your script is in a https directory, isn't that secure? OR, is
> >
If you are running Apache you could use a rewrite rule for such a case.
Example below
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(my|folder|examples) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Aleksander
Per Jessen wrote:
tedd wrote:
Sometimes I feel like a child h
On Tue, Feb 26, 2008 at 9:39 AM, tedd <[EMAIL PROTECTED]> wrote:
> Sometimes I feel like a child here.
>
> Under what circumstances would one require that?
>
> If your script is in a https directory, isn't that secure? OR, is
> this something else?
>
> Please explain.
HTTPS is a protocol:
tedd wrote:
> Sometimes I feel like a child here.
>
> Under what circumstances would one require that?
>
> If your script is in a https directory, isn't that secure? OR, is
> this something else?
>
> Please explain.
You might want to do such checks if your website (www.example.com) is
accessib
On Tue, Feb 26, 2008 at 9:39 AM, tedd <[EMAIL PROTECTED]> wrote:
> Sometimes I feel like a child here.
>
> Under what circumstances would one require that?
>
> If your script is in a https directory, isn't that secure? OR, is
> this something else?
>
>
Well for instance. We have a web server her
At 2:09 PM -0500 2/25/08, Daniel Brown wrote:
On Mon, Feb 25, 2008 at 1:40 PM, Rick Pasotto <[EMAIL PROTECTED]> wrote:
What is the best or recommended procedure for making sure that a page is
accessed only via a secure connection?
Provided you're running SSL on the standard HTTPS port o
On Mon, Feb 25, 2008 at 2:09 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
> if($_SERVER['SERVER_PORT'] != '443') {
>$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
> $_SERVER['SERVER_NAME'];
>header("Location:
> https://".$url.$_SERVER['PHP_SELF']."?".$_SERVER['QUE
008 14:26:12 -0500
> To: Stephen Johnson <[EMAIL PROTECTED]>
> Cc: Rick Pasotto <[EMAIL PROTECTED]>,
> Subject: Re: [PHP] checking for and enforcing https
>
> Nope, it works like a charm for me, but I have it in an IF statement checking
> to see if the requestor is h
On 25 Feb 2008, at 18:40, Rick Pasotto wrote:
What is the best or recommended procedure for making sure that a page is
accessed only via a secure connection?
What web server are you using? In my experience this is best done
there rather than in PHP.
-Stut
--
http://stut.net/
Stephen Johnson <[EMAIL PROTECTED]> wrote:
> > Or you can cheat...
> >
> > $url = $_SERVER['SERVER_NAME'];
> > header( 'Location:https://'.$url.'');
> >
> >
>
> I think that would cause an infinite loop of redirection...
>
> This would be better
>
>
> $curPort = $_SERVER['SERVER_PO
ephen Johnson c | eh
> The Lone Coder
>
> http://www.thelonecoder.com
> continuing the struggle against bad code
>
> http://www.fortheloveofgeeks.com
> I'm a geek and I'm OK!
> --
>
>
>
>
> > From: Wolf <[EMAIL PROTECTED]>
> > Date: Mon, 2
?>
--
Stephen Johnson c | eh
The Lone Coder
http://www.thelonecoder.com
continuing the struggle against bad code
http://www.fortheloveofgeeks.com
I'm a geek and I'm OK!
--
> From: Wolf <[EMAIL PROTECTED]>
> Date: Mon, 25 Feb 2008 13:55:41 -0500
> To: Rick Pasotto <[EMAI
On Mon, Feb 25, 2008 at 1:40 PM, Rick Pasotto <[EMAIL PROTECTED]> wrote:
> What is the best or recommended procedure for making sure that a page is
> accessed only via a secure connection?
Provided you're running SSL on the standard HTTPS port of 443,
include this at the very top of every fil
Rick Pasotto <[EMAIL PROTECTED]> wrote:
> What is the best or recommended procedure for making sure that a page is
> accessed only via a secure connection?
>
Make the server only send over 443 instead of 80...
But if you don't have the ability to change .htaccess or httpd.conf then you
c
Rick Pasotto wrote:
> What is the best or recommended procedure for making sure that a page
> is accessed only via a secure connection?
The guaranteed way is not serving it over an insecure connection.
/Per Jessen, Zürich
41 matches